EZP-31643 Object injection in discountruleedit (#139)
glye committed Oct 5, 2020
1 parent 925cc50 commit b7c2a06
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions kernel/shop/discountruleedit.php
Expand Up @@ -46,9 +46,9 @@
'discountrule_id' => $discountRuleID ),
'persistent_data' => array( 'discountrule_name' => $http->postVariable( 'discountrule_name' ),
'discountrule_percent' => $http->postVariable( 'discountrule_percent' ),
'Contentclasses' => ( $http->hasPostVariable( 'Contentclasses' ) )? serialize( $http->postVariable( 'Contentclasses' ) ): '',
'Sections' => ( $http->hasPostVariable( 'Sections' ) )? serialize( $http->postVariable( 'Sections' ) ): '',
'Products' => ( $http->hasPostVariable( 'Products' ) )? serialize( $http->postVariable( 'Products' ) ): '' ),
'Contentclasses' => ( $http->hasPostVariable( 'Contentclasses' ) )? json_encode( $http->postVariable( 'Contentclasses' ) ): '',
'Sections' => ( $http->hasPostVariable( 'Sections' ) )? json_encode( $http->postVariable( 'Sections' ) ): '',
'Products' => ( $http->hasPostVariable( 'Products' ) )? json_encode( $http->postVariable( 'Products' ) ): '' ),
'from_page' => "/shop/discountruleedit/$discountGroupID/$discountRuleID" ),
$module );
return;
Expand All @@ -68,7 +68,7 @@
$discountRuleSelectedClasses = $http->postVariable( 'Contentclasses' );
if ( !is_array( $discountRuleSelectedClasses ) )
{
$discountRuleSelectedClasses = unserialize( $discountRuleSelectedClasses );
$discountRuleSelectedClasses = json_decode( $discountRuleSelectedClasses );
}
}

Expand All @@ -78,7 +78,7 @@
$discountRuleSelectedSections = $http->postVariable( 'Sections' );
if ( !is_array( $discountRuleSelectedSections ) )
{
$discountRuleSelectedSections = unserialize( $discountRuleSelectedSections );
$discountRuleSelectedSections = json_decode( $discountRuleSelectedSections );
}
}

Expand All @@ -88,7 +88,7 @@
$discountRuleSelectedProducts = $http->postVariable( 'Products' );
if ( !is_array( $discountRuleSelectedProducts ) )
{
$discountRuleSelectedProducts = unserialize( $discountRuleSelectedProducts );
$discountRuleSelectedProducts = json_decode( $discountRuleSelectedProducts );
}
}

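Review bot: The three `json_decode( ... )` calls (for Contentclasses, Sections and Products) omit the second argument, so a value that was JSON-encoded as an object (a posted array with non-sequential or string keys) comes back as `stdClass` instead of the array that `unserialize()` used to return, and malformed input yields `null`. These values are still read straight from the POST body, so decode to an array and check the result before use, e.g. `$discountRuleSelectedClasses = json_decode( $discountRuleSelectedClasses, true );` followed by `if ( !is_array( $discountRuleSelectedClasses ) ) { $discountRuleSelectedClasses = array(); }`, and likewise for the other two variables. The code that consumes these variables lies outside the visible hunks, so whether it tolerates a non-array value should be confirmed. A one-line comment above the first decode, such as `// Client-controlled round-trip data: decode as JSON only, never unserialize()`, would record why the format was changed.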
