Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

make sure params are strings for manual-lookup.php (bug #61756)

  • Loading branch information...
commit ee6c0e89afea5f3b4682bbaf37a31929f6435ac9 1 parent 09ca235
@salathe salathe authored
Showing with 5 additions and 7 deletions.
  1. +1 −1  include/langchooser.inc
  2. +4 −6 manual-lookup.php
View
2  include/langchooser.inc
@@ -50,7 +50,7 @@ function language_choose_code()
$explicitly_specified = ''; $selected = '';
// Specified for the request (GET/POST parameter)
- if (!empty($_REQUEST['lang'])) {
+ if (!empty($_REQUEST['lang']) && is_string($_REQUEST['lang'])) {
$explicitly_specified = language_add(htmlspecialchars($_REQUEST['lang'], ENT_QUOTES, 'UTF-8'), $languages);
// Set the language in a cookie for a year
View
10 manual-lookup.php
@@ -8,15 +8,13 @@
// BC code, so pattern and function can both be used as
// parameters to specify the function name
$function = '';
-if (empty($_GET['function'])) {
- if (!empty($_GET['pattern'])) {
- $function = htmlspecialchars($_GET['pattern'], ENT_QUOTES, 'UTF-8');
- }
-} else {
+if (!empty($_GET['function']) && is_string($_GET['function'])) {
$function = htmlspecialchars($_GET['function'], ENT_QUOTES, 'UTF-8');
+} elseif (!empty($_GET['pattern']) && is_string($_GET['pattern'])) {
+ $function = htmlspecialchars($_GET['pattern'], ENT_QUOTES, 'UTF-8');
}
-if(!empty($_GET['scope'])) {
+if(!empty($_GET['scope']) && is_string($_GET['scope'])) {
$scope = htmlspecialchars($_GET['scope'], ENT_QUOTES, 'UTF-8');
} else {
$scope = '';
Please sign in to comment.
Something went wrong with that request. Please try again.