Skip to content

Commit 2ddffb2

Browse files
committed
fix security vulnerability to reranking pages; reported by kyohpc
1 parent 9eeed1e commit 2ddffb2

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

Diff for: framework/modules/navigation/controllers/navigationController.php

+4-2
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,8 @@ class navigationController extends expController {
3939
'move' => 'Move Page',
4040
'remove' => 'Remove Page',
4141
'reparent' => 'Reparent Page',
42+
'dragndroprerank' => 'Rerank Page',
43+
'dragndroprerank2' => 'Rerank Page',
4244
);
4345
public $remove_configs = array(
4446
'aggregation',
@@ -858,8 +860,8 @@ public static function returnChildrenAsJSON2() {
858860
public static function DragnDropReRank() {
859861
global $db, $router;
860862

861-
$move = $router->params['move'];
862-
$target = $router->params['target'];
863+
$move = intval($router->params['move']);
864+
$target = intval($router->params['target']);
863865
$type = $router->params['type'];
864866
$targSec = $db->selectObject("section","id=".$target);
865867
// $targSec = new section($target);

0 commit comments

Comments
 (0)