diff options
| author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-29 09:05:37 +0000 |
|---|---|---|
| committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-29 09:05:37 +0000 |
| commit | 45feef9f6bdae1f2ed9c386ace5f47f012526a4a (patch) | |
| tree | 241b06e377a4edda08d31b2d2569c41d780dfe72 /www/ajax | |
| parent | 5b91086b54061501d8c74d3ec75e03a920d33587 (diff) | |
| download | semanticscuttle-45feef9f6bdae1f2ed9c386ace5f47f012526a4a.tar.gz semanticscuttle-45feef9f6bdae1f2ed9c386ace5f47f012526a4a.tar.bz2 | |
fix several XSS injection problems with page variable
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@468 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'www/ajax')
| -rw-r--r-- | www/ajax/getadminlinkedtags.php | 2 | ||||
| -rw-r--r-- | www/ajax/getlinkedtags.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/www/ajax/getadminlinkedtags.php b/www/ajax/getadminlinkedtags.php index 0a5d813..2b1c3ac 100644 --- a/www/ajax/getadminlinkedtags.php +++ b/www/ajax/getadminlinkedtags.php @@ -57,7 +57,7 @@ function displayTag($tag, $uId) { { label: 'name', identifier: 'id', items: [ <?php -$json = displayTag(GET_TAG, GET_UID); +$json = displayTag(GET_TAG, intval(GET_UID)); $json = substr($json, 0, -1); // remove final comma avoiding IE6 Dojo bug echo $json; ?> diff --git a/www/ajax/getlinkedtags.php b/www/ajax/getlinkedtags.php index 9415f87..621d1c4 100644 --- a/www/ajax/getlinkedtags.php +++ b/www/ajax/getlinkedtags.php @@ -57,7 +57,7 @@ function displayTag($tag, $uId) { { label: 'name', identifier: 'id', items: [ <?php -$json = displayTag(GET_TAG, GET_UID); +$json = displayTag(GET_TAG, intval(GET_UID)); $json = substr($json, 0, -1); // remove final comma avoiding IE6 Dojo bug echo $json; ?> |