Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix: adm_config_report.php filtering does not check config option is …
…valid

I've left this throwing ERROR_GENERIC as the only time this should be able
to be hit is if we have invalid input to start with.
  • Loading branch information
mantis committed Aug 8, 2014
1 parent 9825864 commit cabacdc
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions adm_config_report.php
Expand Up @@ -182,6 +182,7 @@ function print_option_list_from_array( array $p_array, $p_filter_value ) {
} else {
# Retrieve the filter from the cookie if it exists
$t_cookie_string = gpc_get_cookie( $t_cookie_name, null );

if( null !== $t_cookie_string ) {
$t_cookie_contents = explode( ':', $t_cookie_string );

Expand All @@ -195,6 +196,16 @@ function print_option_list_from_array( array $p_array, $p_filter_value ) {
}
}

if( !is_blank( $t_filter_config_value ) && (int)$t_filter_config_value !== META_FILTER_NONE ) {
// check that config value exists
if( @config_get_global( $t_filter_config_value ) === null ) {
$t_cookie_path = config_get( 'cookie_path' );
gpc_clear_cookie( $t_cookie_name, $t_cookie_path );

trigger_error( ERROR_GENERIC, ERROR );
}
}

# Get config edit values
$t_edit_user_id = gpc_get_int( 'user_id', $t_filter_user_value == META_FILTER_NONE ? ALL_USERS : $t_filter_user_value );
$t_edit_project_id = gpc_get_int( 'project_id', $t_filter_project_value == META_FILTER_NONE ? ALL_PROJECTS : $t_filter_project_value );
Expand Down

0 comments on commit cabacdc

Please sign in to comment.