dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent cross site scripting by limiting the value of $show on the registrations page.

This commit is contained in:
Mark Crane 2015-04-25 05:47:35 +00:00
parent 95dd5922ff
commit eabe0581b2
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/registrations/status_registrations_inc.php
View File

@ -41,9 +41,10 @@ require_once "resources/check_auth.php";
$language = new text;
$text = $language->get();
//request profile
//get the HTTP values asn set as variables
$sip_profile_name = trim($_REQUEST["profile"]);
$show = trim($_REQUEST["show"]);
if ($show != "all") { $show = ''; }
//define variables
$c = 0;