Prevent XSS on browse views

glpi-project · Jan 24, 2023 · 9a312e8 · 9a312e8
1 parent 1e8157b
commit 9a312e8
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/inc/knowbase.class.php b/inc/knowbase.class.php
@@ -146,13 +146,11 @@ static function showBrowseView() {
       $rand        = mt_rand();
       $ajax_url    = $CFG_GLPI["root_doc"]."/ajax/knowbase.php";
       $loading_txt = addslashes(__('Loading...'));
-      $start       = isset($_REQUEST['start'])
-                        ? $_REQUEST['start']
-                        : 0;
+      $start       = (int)($_REQUEST['start'] ?? 0);
 
       $cat_id = 'false';
       if (array_key_exists('knowbaseitemcategories_id', $_REQUEST)) {
-         $cat_id = $_REQUEST['knowbaseitemcategories_id'];
+         $cat_id = (int)$_REQUEST['knowbaseitemcategories_id'];
       }
 
       $category_list = json_encode(self::getJstreeCategoryList());