Changeset 97681


Timestamp:
Sep 11, 2012, 10:28:59 PM (7 years ago)
Author:
wsiegrist@…
Message:

Guard against XSS by stripping non-numeric values from page and pagesize

File:
1 edited

  • trunk/www/ports.php

    r66180 r97681  
    2020    $by = isset($_GET['by']) ? $_GET['by'] : '';
    2121    $substr = isset($_GET['substr']) ? $_GET['substr'] : '';
    22     $page = isset($_GET['page']) ? max($_GET['page'], 1) : '1';
    23     $pagesize = isset($_GET['pagesize']) ? max($_GET['pagesize'], 1) : 50; # arbitrary setting
     22    $page = isset($_GET['page']) ? max(intval($_GET['page']), 1) : '1';
     23    $pagesize = isset($_GET['pagesize']) ? max(intval($_GET['pagesize']), 1) : 50; # arbitrary setting
    2424
    2525    print_header('The MacPorts Project -- Available Ports', 'utf-8');
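Review bot: on the new lines 22-23, max(intval(...), 1) bounds page and pagesize only from below, so pagesize still accepts an arbitrarily large integer; consider clamping it with min() against a fixed upper limit so that one request cannot ask for the whole result set. The fallback for $page is still the string '1' while the sanitized branch yields an integer, so using 1 there would keep the type consistent. The unchanged lines 20-21 still copy $by and $substr straight from $_GET; since this commit is aimed at XSS, those two need escaping (for example htmlspecialchars() with ENT_QUOTES) wherever they are written into the page, which this hunk does not show.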