Permalink
Browse files

fix security vulnerability to reranking pages; reported by kyohpc

  • Loading branch information...
dleffler committed Nov 3, 2016
1 parent 9eeed1e commit 2ddffb2e7eafe4830e3483a4b437873022c461ba
Showing with 4 additions and 2 deletions.
  1. +4 −2 framework/modules/navigation/controllers/navigationController.php
@@ -39,6 +39,8 @@ class navigationController extends expController {
'move' => 'Move Page',
'remove' => 'Remove Page',
'reparent' => 'Reparent Page',
'dragndroprerank' => 'Rerank Page',
'dragndroprerank2' => 'Rerank Page',
);
public $remove_configs = array(
'aggregation',
@@ -858,8 +860,8 @@ public static function returnChildrenAsJSON2() {
public static function DragnDropReRank() {
global $db, $router;
$move = $router->params['move'];
$target = $router->params['target'];
$move = intval($router->params['move']);
$target = intval($router->params['target']);
$type = $router->params['type'];
$targSec = $db->selectObject("section","id=".$target);
// $targSec = new section($target);

0 comments on commit 2ddffb2

Please sign in to comment.