Skip to content

Commit cabacdc

Browse files
committed
Fix: adm_config_report.php filtering does not check config option is valid
I've left this throwing ERROR_GENERIC as the only time this should be able to be hit is if we have invalid input to start with.
1 parent 9825864 commit cabacdc

File tree

1 file changed

+11
-0
lines changed

1 file changed

+11
-0
lines changed

Diff for: adm_config_report.php

+11
Original file line numberDiff line numberDiff line change
@@ -182,6 +182,7 @@ function print_option_list_from_array( array $p_array, $p_filter_value ) {
182182
} else {
183183
# Retrieve the filter from the cookie if it exists
184184
$t_cookie_string = gpc_get_cookie( $t_cookie_name, null );
185+
185186
if( null !== $t_cookie_string ) {
186187
$t_cookie_contents = explode( ':', $t_cookie_string );
187188

@@ -195,6 +196,16 @@ function print_option_list_from_array( array $p_array, $p_filter_value ) {
195196
}
196197
}
197198

199+
if( !is_blank( $t_filter_config_value ) && (int)$t_filter_config_value !== META_FILTER_NONE ) {
200+
// check that config value exists
201+
if( @config_get_global( $t_filter_config_value ) === null ) {
202+
$t_cookie_path = config_get( 'cookie_path' );
203+
gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
204+
205+
trigger_error( ERROR_GENERIC, ERROR );
206+
}
207+
}
208+
198209
# Get config edit values
199210
$t_edit_user_id = gpc_get_int( 'user_id', $t_filter_user_value == META_FILTER_NONE ? ALL_USERS : $t_filter_user_value );
200211
$t_edit_project_id = gpc_get_int( 'project_id', $t_filter_project_value == META_FILTER_NONE ? ALL_PROJECTS : $t_filter_project_value );

0 commit comments

Comments
 (0)