fix security vulnerability in ratings; reported by fyth
dleffler committed Nov 3, 2016
1 parent 0ce8b94 commit 6172f67
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions framework/modules/core/controllers/expRatingController.php
Expand Up @@ -28,7 +28,7 @@ class expRatingController extends expController {
static function displayname() { return gt("Ratings Manager"); }
static function description() { return gt("This module is for managing ratings on records"); }
static function hasSources() { return false; }

function __construct($src=null, $params=array()) {
global $user;
parent::__construct($src, $params);
Expand All @@ -40,7 +40,9 @@ function __construct($src=null, $params=array()) {
*/
function update() {
global $db, $user;


$this->params['content_type'] = preg_replace("/[^[:alnum:][:space:]]/u", '', $this->params['content_type']);
$this->params['subtype'] = preg_replace("/[^[:alnum:][:space:]]/u", '', $this->params['subtype']);
$this->params['id'] = $db->selectValue('content_expRatings','expratings_id',"content_id='".$this->params['content_id']."' AND content_type='".$this->params['content_type']."' AND subtype='".$this->params['subtype']."' AND poster='".$user->id."'");
$msg = gt('Thank you for your rating');
$rating = new expRating($this->params);
Expand All @@ -59,11 +61,11 @@ function update() {

$ar = new expAjaxReply(200,$msg);
$ar->send();

// flash('message', $msg);
// expHistory::back();
}

}

?>
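Review bot: `content_id` on the `selectValue` line is still concatenated into the WHERE clause unchanged, so the character whitelisting applied to `content_type` and `subtype` on the two added lines leaves one request-controlled value in the query; if the column is numeric, as the name suggests, coerce it before use, `$this->params['content_id'] = (int) $this->params['content_id'];`, or preferably move the whole lookup to a parameterised query if `$db` offers one. The stripping approach also deserves a comment, because `preg_replace` with the `u` modifier returns null on malformed UTF-8 input and the query would then silently run against an empty string; checking `preg_last_error() !== PREG_NO_ERROR` after each call, or validating against an explicit allow-list of known content types, would make that failure visible instead. `update()` continues beyond the hunk.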
