Fixed low risk XSS issue with user account address edit. Thanks to @r…

…obert81 for the find. Close #3721
opencart · Dec 17, 2015 · 303fa88 · 303fa88 · ADDCreative · Dec 21, 2015
1 parent 3319a61
commit 303fa88
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/upload/catalog/controller/account/address.php b/upload/catalog/controller/account/address.php
@@ -425,15 +425,15 @@ protected function getForm() {
 		}
 
 		if (isset($this->request->post['country_id'])) {
-			$data['country_id'] = $this->request->post['country_id'];
+			$data['country_id'] = (int)$this->request->post['country_id'];
 		}  elseif (!empty($address_info)) {
 			$data['country_id'] = $address_info['country_id'];
 		} else {
 			$data['country_id'] = $this->config->get('config_country_id');
 		}
 
 		if (isset($this->request->post['zone_id'])) {
-			$data['zone_id'] = $this->request->post['zone_id'];
+			$data['zone_id'] = (int)$this->request->post['zone_id'];
 		}  elseif (!empty($address_info)) {
 			$data['zone_id'] = $address_info['zone_id'];
 		} else {
@@ -503,11 +503,11 @@ protected function validateForm() {
 			$this->error['postcode'] = $this->language->get('error_postcode');
 		}
 
-		if ($this->request->post['country_id'] == '') {
+		if ($this->request->post['country_id'] == '' || !is_int($this->request->post['country_id'])) {
 			$this->error['country'] = $this->language->get('error_country');
 		}
 
-		if (!isset($this->request->post['zone_id']) || $this->request->post['zone_id'] == '') {
+		if (!isset($this->request->post['zone_id']) || $this->request->post['zone_id'] == '' || !is_int($this->request->post['zone_id'])) {
 			$this->error['zone'] = $this->language->get('error_zone');
 		}