diff options
| author | Cash Costello <cash.costello@gmail.com> | 2011-07-04 09:15:11 -0700 |
|---|---|---|
| committer | Cash Costello <cash.costello@gmail.com> | 2011-07-04 09:15:11 -0700 |
| commit | 440c94c74f929344c5b755e2607c8426d4de08b3 (patch) | |
| tree | aa042845b8e241fdba5b9bd8ebeab66631437b4a /pages | |
| parent | de111da23258cd2b513c8f4ab84712ee50272b23 (diff) | |
| parent | 3beedd84a7dbcf7a17a75248473302320653d231 (diff) | |
| download | elgg-440c94c74f929344c5b755e2607c8426d4de08b3.tar.gz elgg-440c94c74f929344c5b755e2607c8426d4de08b3.tar.bz2 | |
Merge pull request #53 from cash/reflected_xss_fixes
Fixes #3544 Reflected xss fixes
Diffstat (limited to 'pages')
| -rw-r--r-- | pages/river.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/pages/river.php b/pages/river.php index fa559d59b..5770084ab 100644 --- a/pages/river.php +++ b/pages/river.php @@ -3,12 +3,12 @@ * Main activity stream list page */ -// $page_type comes from the page handler function - $options = array(); -$type = get_input('type', 'all'); -$subtype = get_input('subtype', ''); +$page_type = preg_replace('[\W]', '', get_input('page_type', 'all')); +$type = preg_replace('[\W]', '', get_input('type', 'all')); +$active_section = +$subtype = preg_replace('[\W]', '', get_input('subtype', '')); if ($subtype) { $selector = "type=$type&subtype=$subtype"; } else { |