From 45feef9f6bdae1f2ed9c386ace5f47f012526a4a Mon Sep 17 00:00:00 2001
From: cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
Date: Thu, 29 Oct 2009 09:05:37 +0000
Subject: fix several XSS injection problems with page variable

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@468 b3834d28-1941-0410-a4f8-b48e95affb8f
---
 www/bookmarks.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'www/bookmarks.php')

diff --git a/www/bookmarks.php b/www/bookmarks.php
index 4a36a39..8424edb 100644
--- a/www/bookmarks.php
+++ b/www/bookmarks.php
@@ -190,7 +190,7 @@ if ($templatename == 'editbookmark.tpl') {
 			$tplVars['tags'] = POST_TAGS;
 		} else {
 			if(GET_COPYOF != '') {  //copy from bookmarks page
-				$tplVars['row'] = $bookmarkservice->getBookmark(GET_COPYOF, true);
+				$tplVars['row'] = $bookmarkservice->getBookmark(intval(GET_COPYOF), true);
 				if(!$currentUser->isAdmin()) {
 					$tplVars['row']['bPrivateNote'] = ''; //only admin can copy private note
 				}
@@ -249,7 +249,7 @@ if ($templatename == 'editbookmark.tpl') {
 	// Pagination
 	$perpage = getPerPageCount($currentUser);
 	if (intval(GET_PAGE) > 1) {
-		$page = GET_PAGE;
+		$page = intval(GET_PAGE);
 		$start = ($page - 1) * $perpage;
 	} else {
 		$page = 0;
-- 
cgit v1.2.3