
sanitize input

1 parent c93037e commit a29189dd51f6c8cf3939ac6ee10e90139aabb8f4 @robocoder robocoder committed Mar 25, 2013
Showing with 4 additions and 0 deletions.
  1. +4 −0 xhprof_lib/utils/xhprof_lib.php
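--- a/xhprof_lib/utils/xhprof_lib.php
+++ b/xhprof_lib/utils/xhprof_lib.php
@@ -905,6 +905,10 @@ function xhprof_param_init($params) {
 exit();
 }
+ if ($k === 'run') {
+ $p = implode(',', array_filter(explode(',', $p), 'is_numeric'));
+ }
+
 // create a global variable using the parameter name.
 $GLOBALS[$k] = $p;
 }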
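Review bot: `is_numeric` in the `array_filter` callback is a type test rather than a character allow-list, so values such as `-1`, `1.5`, `1e5` or a string with leading whitespace still pass the filter and land in `$GLOBALS['run']`. If the intent is to constrain what later reaches file names or markup (that use is not visible in this hunk), an anchored match on the exact id alphabet is tighter, e.g. `function ($id) { return preg_match('/\A[0-9A-Za-z]+\z/', $id) === 1; }`, with the character class adjusted to whatever the run store actually generates. Rejected elements are also dropped silently, so a request can continue with an empty `run`; failing the request the way the `exit();` branch just above appears to would make bad input visible instead of rewriting it. A short comment above the `if`, such as `// allow-list: 'run' is a comma-separated list of run ids`, would record why only this key is filtered. `xhprof_param_init` starts and ends outside the hunk.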

1 comment on commit a29189d

@slava-vishnyakov

This breaks the code for me: the run is hex, so for me is_numeric returns false. It needs ctype_xdigit instead of is_numeric.
