authorCash Costello <cash.costello@gmail.com>2011-07-04 09:15:11 -0700
committerCash Costello <cash.costello@gmail.com>2011-07-04 09:15:11 -0700
commit440c94c74f929344c5b755e2607c8426d4de08b3 (patch)
treeaa042845b8e241fdba5b9bd8ebeab66631437b4a /mod/embed/views/default
parentde111da23258cd2b513c8f4ab84712ee50272b23 (diff)
parent3beedd84a7dbcf7a17a75248473302320653d231 (diff)
Merge pull request #53 from cash/reflected_xss_fixes
Fixes #3544 Reflected xss fixes
Diffstat (limited to 'mod/embed/views/default')
-rw-r--r--mod/embed/views/default/embed/embed.php6
-rw-r--r--mod/embed/views/default/embed/upload/content.php1
2 files changed, 4 insertions, 3 deletions
diff --git a/mod/embed/views/default/embed/embed.php b/mod/embed/views/default/embed/embed.php
index 77ce03699..2d8de1ca4 100644
--- a/mod/embed/views/default/embed/embed.php
+++ b/mod/embed/views/default/embed/embed.php
@@ -10,7 +10,7 @@
*/
$sections = elgg_extract('sections', $vars, array());
-$active_section = elgg_extract('active_section', $vars, array_shift(array_keys($sections)));
+$active_section = elgg_extract('active_section', $vars, array_shift(array_keys($sections)), false);
$upload_sections = elgg_extract('upload_sections', $vars, array());
$internal_id = elgg_extract('internal_id', $vars);
@@ -20,8 +20,8 @@ if (!$sections) {
$content = elgg_view_title(elgg_echo('embed:media'));
$content .= elgg_view('embed/tabs', $vars);
- $offset = max(0, get_input('offset', 0));
- $limit = get_input('limit', 5);
+ $offset = (int)max(0, get_input('offset', 0));
+ $limit = (int)get_input('limit', 5);
// build the items and layout.
if ($active_section == 'upload' || array_key_exists($active_section, $sections)) {
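Review bot: On the new `$offset` line the `(int)` cast is applied to the result of max(), so the lower bound is still compared against the raw request string rather than an integer; moving the cast inside the call, `$offset = max(0, (int)get_input('offset', 0));`, converts first and then clamps. The new `$limit` line casts but sets no lower bound, so a zero or negative value is passed on to whatever consumes it below; if a non-positive limit is not meaningful there, `$limit = max(1, (int)get_input('limit', 5));` keeps it in range — worth confirming against the consumer, which is not visible in this hunk. The `if (!$sections)` block that these lines sit in opens and closes outside the hunk.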
diff --git a/mod/embed/views/default/embed/upload/content.php b/mod/embed/views/default/embed/upload/content.php
index 24fce8112..8bedf5ad1 100644
--- a/mod/embed/views/default/embed/upload/content.php
+++ b/mod/embed/views/default/embed/upload/content.php
@@ -4,6 +4,7 @@
*/
$upload_sections = elgg_extract('upload_sections', $vars, array());
$active_section = get_input('active_upload_section', array_shift(array_keys($upload_sections)));
+$active_section = preg_replace('[\W]', '', $active_section);
$options = array();
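Review bot: The added `preg_replace('[\W]', '', $active_section)` uses square brackets as the pattern delimiters, so the effective pattern is `\W` rather than a character class, which is correct but reads as a mistake to anyone scanning it; `preg_replace('/\W/', '', $active_section)` says the same thing unambiguously. A one-line comment stating why the value is reduced to word characters would also help, since the line is a security guard on request input with no explanation, e.g. `// active_upload_section comes from the request; keep it to [A-Za-z0-9_] before it is used as a section key`. Note that preg_replace() returns null on a PCRE error, so `$active_section` can become null here; if the code below expects a string, a `?? ''` fallback (or `(string)`) would keep that contract.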