[svn r21103] Fixed vulnerable get parameter: fullpage - partial FS#4261

17 years ago · 0061607478
parent ec22d0b227
commit 0061607478
1 changed files with 3 additions and 2 deletions
--- a/main/help/allowed_html_tags.php
+++ b/main/help/allowed_html_tags.php
@ -69,7 +69,8 @@ if(api_get_setting('stylesheets')<>'')
 </h4>
 <?php
 $html_type = $_SESSION['status'] == COURSEMANAGER ? TEACHER_HTML : STUDENT_HTML;
-$fullpage = $_GET['fullpage'] == '0' ? false : true;
+
+$fullpage = intval($_GET['fullpage']) == '0' ? false : true;
 $tags = HTML_QuickForm_Rule_HTML :: get_allowed_tags($html_type,$fullpage);
 $table_header = array();
 $table_header[]= array('tag',true);
@ -81,7 +82,7 @@ foreach ($tags as $tag => $attributes)
 	$row[] = '<kbd>&nbsp;'.implode(', ',array_keys($attributes)).'</kbd>';
 	$table_data[] = $row;
 }
-Display::display_sortable_table($table_header,$table_data,array(),array(),array('fullpage'=>$_GET['fullpage']));
+Display::display_sortable_table($table_header,$table_data,array(),array(),array('fullpage'=>intval($_GET['fullpage'])));
 ?>
 <div style="text-align:right;"><a href="javascript:window.close();"><?php echo get_lang('Close'); ?></a></div>
 </div>