
XSS fix

- added optional_param for id
1 parent b455078 commit d27162c0cd2029473d7405e9461f6b9fc8b1fc9a julmis committed Sep 20, 2005
Showing with 2 additions and 1 deletion.
  1. +2 −1 lib/editor/popups/fullscreen.php
@@ -1,5 +1,6 @@
<?php // $Id$
include("../../../config.php");
+ $id = optional_param('id', 0, PARAM_INT);
?>
<html>
<head><title><?php print_string("fullscreen","editor");?></title>
@@ -9,7 +10,7 @@
html, body { margin: 0px; border: 0px; background-color: buttonface; } </style>
-<script type="text/javascript" src="../htmlarea.php<?php print($id != "")?"?id=$id":"";?>"></script>
+<script type="text/javascript" src="../htmlarea.php?id=<?php p($id); ?>"></script>
<script type="text/javascript" src="../lang/en.php"></script>
<script type="text/javascript" src="../dialog.js"></script>
<script type="text/javascript" src="../plugins/TableOperations/table-operations.js"></script>
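Review bot: The rewritten script tag in the second hunk always emits the query string, so with the default of 0 from `optional_param('id', 0, PARAM_INT)` the editor script is now requested as `htmlarea.php?id=0`, where the removed line sent no query at all when `$id` was empty. Whether htmlarea.php treats a missing id differently from 0 is not visible here; if it does, keeping the conditional form avoids the behaviour change: `src="../htmlarea.php<?php if ($id) { p('?id='.$id); } ?>"`. The PARAM_INT cleaning is what stops arbitrary text reaching the src attribute and `p()` is a second layer on output, so both should stay. A short comment above the assignment, such as `// id is echoed into a script URL below, so force it to an integer`, would record why the parameter is cleaned in this popup.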
