We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
squirrelmail
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix XXS "hole" (you can only target yourself...) in calendar: make sure
that each of the request-vars concerning dates is numeric.

Thijs Kinkhorst 22 years ago
parent
9386a96889
commit
46b5d95c3f
1 changed files with 16 additions and 16 deletions
Split View Show Diff Stats
  1. 16 16
      plugins/calendar/event_delete.php

+ 16 - 16
plugins/calendar/event_delete.php
View File 

@@ -27,52 +27,52 @@ require_once(SM_PATH . 'functions/page_header.php');
 
 require_once(SM_PATH . 'include/load_prefs.php');
 
 require_once(SM_PATH . 'functions/html.php');
 
 /* get globals */
 
-if (isset($_GET['month'])) {
 
+if (isset($_GET['month']) && is_numeric($_GET['month'])) {
 
     $month = $_GET['month'];
 
 }
 
-elseif (isset($_POST['month'])) {
 
+elseif (isset($_POST['month']) && is_numeric($_GET['month'])) {
 
     $month = $_POST['month'];
 
 }
 
-if (isset($_GET['year'])) {
 
+if (isset($_GET['year']) && is_numeric($_GET['year'])) {
 
     $year = $_GET['year'];
 
 }
 
-elseif (isset($_POST['year'])) {
 
+elseif (isset($_POST['year']) && is_numeric($_POST['year'])) {
 
     $year = $_POST['year'];
 
 }
 
-if (isset($_GET['day'])) {
 
+if (isset($_GET['day']) && is_numeric($_GET['day'])) {
 
     $day = $_GET['day'];
 
 }
 
-elseif (isset($_POST['day'])) {
 
+elseif (isset($_POST['day']) && is_numeric($_POST['day'])) {
 
     $day = $_POST['day'];
 
 }
 
-if (isset($_GET['dyear'])) {
 
+if (isset($_GET['dyear']) && is_numeric($_GET['dyear'])) {
 
     $dyear = $_GET['dyear'];
 
 }
 
-elseif (isset($_POST['dyear'])) {
 
+elseif (isset($_POST['dyear']) && is_numeric($_POST['dyear'])) {
 
     $dyear = $_POST['dyear'];
 
 }
 
-if (isset($_GET['dmonth'])) {
 
+if (isset($_GET['dmonth']) && is_numeric($_GET['dmonth'])) {
 
     $dmonth = $_GET['dmonth'];
 
 }
 
-elseif (isset($_POST['dmonth'])) {
 
+elseif (isset($_POST['dmonth']) && is_numeric($_POST['dmonth'])) {
 
     $dmonth = $_POST['dmonth'];
 
 }
 
-if (isset($_GET['dday'])) {
 
+if (isset($_GET['dday']) && is_numeric($_GET['dday'])) {
 
     $dday = $_GET['dday'];
 
 }
 
-elseif (isset($_POST['dday'])) {
 
+elseif (isset($_POST['dday']) && is_numeric($_POST['dday'])) {
 
     $dday = $_POST['dday'];
 
 }
 
-if (isset($_GET['dhour'])) {
 
+if (isset($_GET['dhour']) && is_numeric($_GET['dhour'])) {
 
     $dhour = $_GET['dhour'];
 
 }
 
-elseif (isset($_POST['dhour'])) {
 
+elseif (isset($_POST['dhour']) && is_numeric($_POST['dhour'])) {
 
     $dhour = $_POST['dhour'];
 
 }
 
-if (isset($_GET['dminute'])) {
 
+if (isset($_GET['dminute']) && is_numeric($_GET['dminute'])) {
 
     $dminute = $_GET['dminute'];
 
 }
 
-elseif (isset($_POST['dminute'])) {
 
+elseif (isset($_POST['dminute']) && is_numeric($_POST['dminute'])) {
 
     $dminute = $_POST['dminute'];
 
 }
 
 if (isset($_POST['confirmed'])) {

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5