Merge pull request from GHSA-7fmr-5vcc-329j
Always cast integer when it's related to ids on AdminAttributesGroupsController
PierreRambaud committed Apr 15, 2020
2 parents 887d070 + 319607e commit 622ba66
Showing 3 changed files with 7 additions and 7 deletions.
2 changes: 1 addition & 1 deletion classes/controller/AdminController.php
Expand Up @@ -1009,7 +1009,7 @@ public function processDeleteImage()
{
if (Validate::isLoadedObject($object = $this->loadObject())) {
if (($object->deleteImage())) {
$redirect = self::$currentIndex . '&update' . $this->table . '&' . $this->identifier . '=' . Tools::getValue($this->identifier) . '&conf=7&token=' . $this->token;
$redirect = self::$currentIndex . '&update' . $this->table . '&' . $this->identifier . '=' . (int) Tools::getValue($this->identifier) . '&conf=7&token=' . $this->token;
if (!$this->ajax) {
$this->redirect_after = $redirect;
} else {
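Review bot: The redirect in `processDeleteImage()` still rebuilds the id from the request with `(int) Tools::getValue($this->identifier)`, even though `$object` has already passed `Validate::isLoadedObject()` two lines above. Taking the id from the validated object, for example `. '=' . (int) $object->id . '&conf=7&token=' . $this->token;`, would keep request data out of the URL and guarantee the redirect points at the record whose image was deleted. This assumes `loadObject()` resolves the same identifier, which is not visible here; the function body starts and ends outside the hunk.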
2 changes: 1 addition & 1 deletion classes/helper/HelperList.php
Expand Up @@ -232,7 +232,7 @@ public function displayListContent()
if (isset($this->fields_list['position'])) {
if ($this->position_identifier) {
if (isset($this->position_group_identifier)) {
$position_group_identifier = Tools::getIsset($this->position_group_identifier) ? Tools::getValue($this->position_group_identifier) : $this->position_group_identifier;
$position_group_identifier = Tools::getIsset($this->position_group_identifier) ? (int) Tools::getValue($this->position_group_identifier) : $this->position_group_identifier;
} else {
$position_group_identifier = (int) Tools::getValue('id_' . ($this->is_cms ? 'cms_' : '') . 'category', ($this->is_cms ? '1' : Category::getRootCategory()->id));
}
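Review bot: In `displayListContent()` the new cast covers only the true branch of the ternary; when the request parameter is absent, `$position_group_identifier` still receives `$this->position_group_identifier`, which is the parameter name passed to `Tools::getIsset()`, not an id. The variable therefore holds an int on one path and a string on the other, while the `else` branch below always yields an int. If code outside this hunk writes the variable into markup or a query, the fallback needs a cast or context-appropriate escaping as well. At minimum a comment such as `// falls back to the identifier name itself when the parameter is absent` would record that the mixed type is intended.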
10 changes: 5 additions & 5 deletions controllers/admin/AdminAttributesGroupsController.php
Expand Up @@ -101,7 +101,7 @@ public function renderList()

public function renderView()
{
if (($id = Tools::getValue('id_attribute_group'))) {
if (($id = (int) Tools::getValue('id_attribute_group'))) {
$this->table = 'attribute';
$this->className = 'Attribute';
$this->identifier = 'id_attribute';
Expand Down Expand Up @@ -617,7 +617,7 @@ public function initToolbarTitle()

case 'view':
if (Tools::getIsset('viewattribute_group')) {
if (($id = Tools::getValue('id_attribute_group'))) {
if (($id = (int) Tools::getValue('id_attribute_group'))) {
if (Validate::isLoadedObject($obj = new AttributeGroup((int) $id))) {
$bread_extended[] = $obj->name[$this->context->employee->id_lang];
}
Expand All @@ -630,7 +630,7 @@ public function initToolbarTitle()

case 'editAttributes':
if ($this->id_attribute) {
if (($id = Tools::getValue('id_attribute_group'))) {
if (($id = (int) Tools::getValue('id_attribute_group'))) {
if (Validate::isLoadedObject($obj = new AttributeGroup((int) $id))) {
$bread_extended[] = '<a href="' . Context::getContext()->link->getAdminLink('AdminAttributesGroups') . '&id_attribute_group=' . $id . '&viewattribute_group">' . $obj->name[$this->context->employee->id_lang] . '</a>';
}
Expand Down Expand Up @@ -742,7 +742,7 @@ public function postProcess()
return;
}

if (!Tools::getValue($this->identifier) && Tools::getValue('id_attribute') && !Tools::getValue('attributeOrderby')) {
if (!Tools::getValue($this->identifier) && (int) Tools::getValue('id_attribute') && !Tools::getValue('attributeOrderby')) {
// Override var of Controller
$this->table = 'attribute';
$this->className = 'Attribute';
Expand All @@ -751,7 +751,7 @@ public function postProcess()

/* set location with current index */
if (Tools::getIsset('id_attribute_group') && Tools::getIsset('viewattribute_group')) {
self::$currentIndex = self::$currentIndex . '&id_attribute_group=' . Tools::getValue('id_attribute_group', 0) . '&viewattribute_group';
self::$currentIndex = self::$currentIndex . '&id_attribute_group=' . (int) Tools::getValue('id_attribute_group', 0) . '&viewattribute_group';
}

// If it's an attribute, load object Attribute()
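Review bot: In the `editAttributes` case of `initToolbarTitle()`, `$id` is now an integer, but `$obj->name[$this->context->employee->id_lang]` is still concatenated into the `<a>` markup without HTML escaping. Because the breadcrumb entry carries raw HTML, it is presumably rendered unescaped by the template (not visible here), so a stored attribute group name containing markup would reach the back-office page as-is. Escaping at this point, e.g. `. '&viewattribute_group">' . htmlspecialchars($obj->name[$this->context->employee->id_lang], ENT_QUOTES, 'UTF-8') . '</a>';`, closes that gap, and the `view` case above appends the same name and deserves the same check. The function body continues outside the hunks shown, so the rendering path should be confirmed before relying on either reading.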
