
fix security vulnerability in ratings; reported by fyth

dleffler committed Nov 3, 2016
1 parent 0ce8b94 commit 6172f67620ac13fc2f4e9d650c61937d48e9ecb9
Showing with 6 additions and 4 deletions.
  1. +6 −4 framework/modules/core/controllers/expRatingController.php
@@ -28,7 +28,7 @@ class expRatingController extends expController {
static function displayname() { return gt("Ratings Manager"); }
static function description() { return gt("This module is for managing ratings on records"); }
static function hasSources() { return false; }
function __construct($src=null, $params=array()) {
global $user;
parent::__construct($src, $params);
@@ -40,7 +40,9 @@ function __construct($src=null, $params=array()) {
*/
function update() {
global $db, $user;
$this->params['content_type'] = preg_replace("/[^[:alnum:][:space:]]/u", '', $this->params['content_type']);
$this->params['subtype'] = preg_replace("/[^[:alnum:][:space:]]/u", '', $this->params['subtype']);
$this->params['id'] = $db->selectValue('content_expRatings','expratings_id',"content_id='".$this->params['content_id']."' AND content_type='".$this->params['content_type']."' AND subtype='".$this->params['subtype']."' AND poster='".$user->id."'");
$msg = gt('Thank you for your rating');
$rating = new expRating($this->params);
@@ -59,11 +61,11 @@ function update() {
$ar = new expAjaxReply(200,$msg);
$ar->send();
// flash('message', $msg);
// expHistory::back();
}
}
?>
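Review bot: The selectValue() call in update() still concatenates `$this->params['content_id']` straight from the request into the WHERE clause, even though the two preg_replace lines just above it now strip content_type and subtype, so the string-built SQL remains reachable through that one parameter. Since it is compared against a content_id column it is presumably an integer id; casting it before use, `$this->params['content_id'] = (int) $this->params['content_id'];`, closes that gap, and a prepared/parameterised query would be the proper fix if the db layer offers one (not visible here). Note also that preg_replace with the `u` modifier returns null on invalid UTF-8 and the result is not checked, so a malformed value silently becomes an empty string in the query; a short comment such as `// non-alnum chars stripped; null on bad UTF-8 becomes '' below` would make that intent explicit. update() continues past the end of the hunk, and the `$user->id` interpolation is an internal value rather than request input.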
