phoromatic: Explicitly check both $_GET abd $_POST in phoromatic_quit…
…_if_invalid_input_found()

Fixes: #650 (comment)
michaellarabel committed Jul 23, 2022
1 parent 2160259 commit d3880d9
Showing 1 changed file with 13 additions and 2 deletions.
15 changes: 13 additions & 2 deletions pts-core/phoromatic/phoromatic_functions.php
Expand Up @@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null)
{
foreach($input_keys as $key)
{
if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key]))
if(isset($_GET[$key]) && !empty($_GET[$key]))
{
foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check)
foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check)
{
if(stripos($val_to_check, $invalid_string) !== false)
{
echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check);
exit;
}
}
}
if(isset($_POST[$key]) && !empty($_POST[$key]))
{
foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check)
{
if(stripos($val_to_check, $invalid_string) !== false)
{
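Review bot: The `$_POST` block is a line-for-line copy of the `$_GET` block above it, so a later change to this input check has to be made twice and can silently land in only one copy; wrapping the existing block in `foreach(array($_GET, $_POST) as $input_source)` and reading `$input_source[$key]` keeps a single copy (`!empty()` on its own also covers the `isset()` test). Separately, `$_REQUEST` can carry cookie values depending on the `request_order`/`variables_order` settings, so if any Phoromatic page still reads these keys from `$_REQUEST` or `$_COOKIE` (not visible here), those values are no longer scanned; a short comment above the loop stating that only GET and POST are checked, and why, would make that boundary explicit. The function and the second `stripos()` branch continue past the end of the hunk.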