author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-29 09:05:37 +0000 |
---|---|---|
committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-29 09:05:37 +0000 |
commit | 45feef9f6bdae1f2ed9c386ace5f47f012526a4a (patch) | |
tree | 241b06e377a4edda08d31b2d2569c41d780dfe72 /www/bookmarks.php | |
parent | 5b91086b54061501d8c74d3ec75e03a920d33587 (diff) | |
fix several XSS injection problems with page variable
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@468 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'www/bookmarks.php')
-rw-r--r-- | www/bookmarks.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/www/bookmarks.php b/www/bookmarks.php
index 4a36a39..8424edb 100644
--- a/www/bookmarks.php
+++ b/www/bookmarks.php
@@ -190,7 +190,7 @@ if ($templatename == 'editbookmark.tpl') {
 $tplVars['tags'] = POST_TAGS;
 } else {
 if(GET_COPYOF != '') { //copy from bookmarks page
- $tplVars['row'] = $bookmarkservice->getBookmark(GET_COPYOF, true);
+ $tplVars['row'] = $bookmarkservice->getBookmark(intval(GET_COPYOF), true);
 if(!$currentUser->isAdmin()) {
 $tplVars['row']['bPrivateNote'] = ''; //only admin can copy private note
 }
@@ -249,7 +249,7 @@ if ($templatename == 'editbookmark.tpl') {
 // Pagination
 $perpage = getPerPageCount($currentUser);
 if (intval(GET_PAGE) > 1) {
- $page = GET_PAGE;
+ $page = intval(GET_PAGE);
 $start = ($page - 1) * $perpage;
 } else {
 $page = 0; |
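Review bot: Nothing visible in the first hunk checks that the current user may read the bookmark named by `GET_COPYOF` before its row is handed to the edit template; only `bPrivateNote` is blanked for non-admins. If `getBookmark()` does not itself filter on ownership or privacy status (it is not shown here), the form could be prefilled from another user's private bookmark, so the returned row should be access-checked before it is assigned to `$tplVars['row']`. Separately, `intval()` maps any non-numeric value to 0 while the guard is still `GET_COPYOF != ''`, so a failed lookup presumably reaches `$tplVars['row']['bPrivateNote'] = ''` with a non-array value; wrapping the follow-up in `if (is_array($tplVars['row'])) {` would cover that. The enclosing `if`/`else` block starts and ends outside the hunk.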
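Review bot: In the pagination hunk `intval(GET_PAGE)` is evaluated twice, once in the condition and once in the assignment, so the validated value and the tested value can drift apart in later edits; casting once before the test, `$page = intval(GET_PAGE);` then `if ($page > 1) {`, keeps a single sanitised value (the else branch would still set `$page = 0`). The cast has no upper bound, so for very large inputs `($page - 1) * $perpage` can leave the integer range and become a float before it is used as an offset; clamping to the last available page, if the total is known at this point, would avoid that. Because the commit is about XSS, the template that prints `$page` should still encode it on output with `htmlspecialchars()` rather than rely on this cast alone. The pagination block continues outside the hunk.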