From 0061607478af9b5d5793667c544cf333872e0344 Mon Sep 17 00:00:00 2001
From: Cristian Fasanando <cristian.fasanando@beeznest.com>
Date: Sat, 30 May 2009 17:22:44 +0200
Subject: [PATCH] [svn r21103] Fixed vulnerable get parameter: fullpage -
 partial FS#4261

---
 main/help/allowed_html_tags.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/main/help/allowed_html_tags.php b/main/help/allowed_html_tags.php
index f91269e060..fa00538d19 100644
--- a/main/help/allowed_html_tags.php
+++ b/main/help/allowed_html_tags.php
@@ -69,7 +69,8 @@ if(api_get_setting('stylesheets')<>'')
 </h4>
 <?php
 $html_type = $_SESSION['status'] == COURSEMANAGER ? TEACHER_HTML : STUDENT_HTML;
-$fullpage = $_GET['fullpage'] == '0' ? false : true;
+
+$fullpage = intval($_GET['fullpage']) == '0' ? false : true;
 $tags = HTML_QuickForm_Rule_HTML :: get_allowed_tags($html_type,$fullpage);
 $table_header = array();
 $table_header[]= array('tag',true);
@@ -81,7 +82,7 @@ foreach ($tags as $tag => $attributes)
 	$row[] = '<kbd>&nbsp;'.implode(', ',array_keys($attributes)).'</kbd>';
 	$table_data[] = $row;
 }
-Display::display_sortable_table($table_header,$table_data,array(),array(),array('fullpage'=>$_GET['fullpage']));
+Display::display_sortable_table($table_header,$table_data,array(),array(),array('fullpage'=>intval($_GET['fullpage'])));
 ?>
 <div style="text-align:right;"><a href="javascript:window.close();"><?php echo get_lang('Close'); ?></a></div>
 </div>