fix: security #8829
fmancardi committed Dec 31, 2019
1 parent efbb645 commit e2d88c9
Showing 2 changed files with 22 additions and 26 deletions.
12 changes: 4 additions & 8 deletions lib/plan/tc_exec_unassign_all.php
Expand Up @@ -4,12 +4,7 @@
* This script is distributed under the GNU General Public License 2 or later.
*
* @package TestLink
* @author Andreas Simon
* @copyright 2005-2010, TestLink community
* @version CVS: $Id: tc_exec_unassign_all.php,v 1.3 2010/07/26 19:00:57 asimon83 Exp $
* @link http://www.teamst.org/index.php
*
* @internal revisions:
* @copyright 2005-2019, TestLink community
*
*/

Expand Down Expand Up @@ -69,11 +64,12 @@ function init_args() {

$_REQUEST = strings_stripSlashes($_REQUEST);

$args->build_id = isset($_REQUEST['build_id']) ? $_REQUEST['build_id'] : 0;
$args->build_id = isset($_REQUEST['build_id']) ?
intval($_REQUEST['build_id']) : 0;
$args->confirmed = isset($_REQUEST['confirmed']) && $_REQUEST['confirmed'] == 'yes' ? true : false;

$args->user_id = $_SESSION['userID'];
$args->testproject_id = $_SESSION['testprojectID'];
$args->testproject_id = intval($_SESSION['testprojectID']);
$args->testproject_name = $_SESSION['testprojectName'];

$args->refreshTree = isset($_SESSION['setting_refresh_tree_on_action']) ?
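Review bot: `intval()` on `build_id` maps any non-numeric or tampered value to 0, which is also the default for a missing parameter, so a malformed request is silently accepted rather than rejected or logged. Validating with `filter_var($_REQUEST['build_id'], FILTER_VALIDATE_INT)` and stopping when it returns `false` would keep the two cases apart. `$args->user_id = $_SESSION['userID'];` stays uncast right next to the newly cast `testproject_id`, so the hardening is applied unevenly. The `confirmed` flag for this unassign action is still read from `$_REQUEST` with a loose `==`; unless the surrounding code already does so (not visible here), it should be accepted from POST only and tied to an anti-CSRF token. init_args() starts and ends outside the hunk, and if these ids reach SQL further down, the query should bind or cast them at that point as well.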
36 changes: 18 additions & 18 deletions lib/results/testCasesWithCF.php
Expand Up @@ -8,8 +8,6 @@
*
* For a test plan, list test cases with Execution Custom Field Data
*
* @internal revisions
* @since 1.9.7
*/
require_once("../../config.inc.php");
require_once("common.php");
Expand Down Expand Up @@ -142,21 +140,24 @@ function:
*/
function init_args(&$dbHandler)
{
$argsObj = new stdClass();
$argsObj = new stdClass();
$argsObj->doIt = false;
$argsObj->showPlatforms = false;
$argsObj->tproject_id = isset($_SESSION['testprojectID']) ? $_SESSION['testprojectID'] : 0;
$argsObj->tproject_name = isset($_SESSION['testprojectName']) ? $_SESSION['testprojectName'] : '';
$argsObj->showPlatforms = false;
$argsObj->tproject_id = isset($_SESSION['testprojectID']) ? $_SESSION['testprojectID'] : 0;
$argsObj->tproject_id = intval($argsObj->tproject_id);

$argsObj->tplan_name = '';
$argsObj->tplan_id = isset($_REQUEST['tplan_id']) ? $_REQUEST['tplan_id'] : 0;
if($argsObj->tplan_id == 0)
{
$argsObj->tplan_id = isset($_SESSION['testplanID']) ? $_SESSION['testplanID'] : 0;
}

if($argsObj->tplan_id > 0)
{
$argsObj->tproject_name = isset($_SESSION['testprojectName']) ? $_SESSION['testprojectName'] : '';

$argsObj->tplan_name = '';
$argsObj->tplan_id = isset($_REQUEST['tplan_id']) ? $_REQUEST['tplan_id'] : 0;
$argsObj->tplan_id = intval($argsObj->tplan_id);

if ($argsObj->tplan_id == 0) {
$argsObj->tplan_id = isset($_SESSION['testplanID']) ? $_SESSION['testplanID'] : 0;
}

if($argsObj->tplan_id > 0) {
$tplan_mgr = new testplan($dbHandler);
$tplan_info = $tplan_mgr->get_by_id($argsObj->tplan_id);
$argsObj->tplan_name = $tplan_info['name'];
Expand All @@ -166,9 +167,9 @@ function init_args(&$dbHandler)
$getOpt = array('outputFormat' => 'map');
$argsObj->platforms = $tplan_mgr->getPlatforms($argsObj->tplan_id,$getOpt);
unset($tplan_mgr);
}
}

return $argsObj;
return $argsObj;
}


Expand Down Expand Up @@ -310,5 +311,4 @@ function getColumnsDefinition($showPlatforms,$customFields,$platforms)
function checkRights(&$db,&$user)
{
return $user->hasRight($db,'testplan_metrics');
}
?>
}
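Review bot: In init_args() the new `intval()` cast on `tplan_id` runs before the session fallback, so a value taken from `$_SESSION['testplanID']` still reaches `$tplan_mgr->get_by_id()` and `getPlatforms()` uncast. Moving `$argsObj->tplan_id = intval($argsObj->tplan_id);` to just after the `if ($argsObj->tplan_id == 0) { ... }` block would cover both sources with one line. The request-supplied `tplan_id` is also loaded with no visible check that the plan belongs to `$argsObj->tproject_id`, and `checkRights()` asks only for the global `testplan_metrics` right; if no such check exists in the collapsed parts of the file, a user could read custom-field data from a plan in another project. `$tplan_info['name']` is read without testing whether `get_by_id()` found a plan, so an id that does not exist should be handled explicitly.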
