- Changed: eZContentBrowse::result will only return a valid integer a…

…rray, invalid entries are excluded. (Merged from trunk (3.6.0rc1) rev. 11779) git-svn-id: file:///home/patrick.allaert/svn-git/ezp-repo/ezpublish/stable/3.5@11784 a01eee8c-daba-0310-acae-fa49f3023285
ezsystems · May 12, 2005 · 0fdbc64 · 0fdbc64
1 parent 4bd9484
commit 0fdbc64
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/doc/changelogs/3.5/CHANGELOG-3.5.2-to-3.5.3 b/doc/changelogs/3.5/CHANGELOG-3.5.2-to-3.5.3
@@ -3,6 +3,8 @@ Changes from 3.5.2 to 3.5.3
 *Kernel:
 - Added: Show PHP eAccelerator information in the system information page.
   (Submitted by: Vittal Aithal)
+- Changed: eZContentBrowse::result will only return a valid integer array,
+  invalid entries are excluded.
 
 ezpm.php:
 - Added: The database is checked to see if it has the same version as the

diff --git a/kernel/classes/ezcontentbrowse.php b/kernel/classes/ezcontentbrowse.php
@@ -287,7 +287,29 @@ function result( $actionName, $asObject = false )
             $postName = 'SelectedObjectIDArray';
         $http =& eZHTTPTool::instance();
         if ( $http->hasPostVariable( $postName ) && !$http->hasPostVariable( 'BrowseCancelButton' ) )
-            return $http->postVariable( $postName );
+        {
+            $postList = $http->postVariable( $postName );
+            $list = array();
+            foreach ( $postList as $value )
+            {
+                if ( !is_numeric( $value ) )
+                {
+                    eZDebug::writeError( "Non-numeric value ($value) found for POST variable $postName for browse action '$actionName', the value will be excluded",
+                                         'eZContentBrowse::result' );
+                    continue;
+                }
+                // Append the value as a real integer, avoids XSS problems.
+                $intValue = (int)$value;
+                if ( $value != $intValue )
+                {
+                    eZDebug::writeError( "Non-integer value ($value) found for POST variable $postName for browse action '$actionName', the value will be excluded",
+                                         'eZContentBrowse::result' );
+                    continue;
+                }
+                $list[] = $intValue;
+            }
+            return array_unique( $list );
+        }
         return false;
     }