Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

sanitize input

  • Loading branch information...
commit a29189dd51f6c8cf3939ac6ee10e90139aabb8f4 1 parent c93037e
Anthon Pang robocoder authored
Showing with 4 additions and 0 deletions.
  1. +4 −0 xhprof_lib/utils/xhprof_lib.php
4 xhprof_lib/utils/xhprof_lib.php
View
@@ -905,6 +905,10 @@ function xhprof_param_init($params) {
exit();
}
+ if ($k === 'run') {
+ $p = implode(',', array_filter(explode(',', $p), 'is_numeric'));
+ }
+
// create a global variable using the parameter name.
$GLOBALS[$k] = $p;
}

1 comment on commit a29189d

Slava Vishnyakov

This breaks the code for me, the run is hex, for me is_numeric returns false, it needs ctype_xdigit instead of is_numeric

Please sign in to comment.
Something went wrong with that request. Please try again.