Revision 0e6cf71b
Added by Renato Botelho over 11 years ago
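--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -44,8 +44,9 @@
 $pgtitle = array(gettext("System"), gettext("Authentication Servers"));
 $shortcut_section = "authentication";
 
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
 $id = $_POST['id'];
 
 if (!is_array($config['system']['authserver']))
@@ -788,7 +789,7 @@
 <td width="78%">
 <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
 <?php if (isset($id) && $a_server[$id]): ?>
-<input name="id" type="hidden" value="<?=$id;?>" />
+<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
 <?php endif;?>
 </td>
 </tr>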
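Review bot: The new GET check at new line 47 reads `$_GET['id']` without an `isset()` guard, unlike the POST check two lines below, so a request that carries no `id` parameter triggers an undefined-index notice before `is_numericint()` is even called (whether is_numericint() tolerates a null argument is not visible in this hunk). Suggest `if (isset($_GET['id']) && is_numericint($_GET['id']))` so both branches validate the same way. With `$id` now restricted to an integer string, the `htmlspecialchars($id)` added at new line 792 is harmless belt-and-braces; the real protection is the input validation, so the GET guard is the line worth fixing.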
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integers; also, pass them through htmlspecialchars() before printing