Sanitize the admin page string

habari · Oct 21, 2011 · a0f3400 · a0f3400
1 parent d8a544e
commit a0f3400
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/handlers/adminhandler.php b/handlers/adminhandler.php
@@ -101,6 +101,7 @@ public function setup_admin_theme( $page, $type = '' )
 	public function act_admin()
 	{
 		$page = ( isset( $this->handler_vars['page'] ) && !empty( $this->handler_vars['page'] ) ) ? $this->handler_vars['page'] : 'dashboard';
+		$page = filter_var( $page, FILTER_SANITIZE_STRING );
 		if ( isset( $this->handler_vars['content_type'] ) ) {
 			$type = Plugins::filter( 'post_type_display', Post::type_name( $this->handler_vars['content_type'] ), 'singular' );
 		}