nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2025-12-30 00:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prevent cross site scripting by limiting the value of $show on the registrations page.

Browse Source
This commit is contained in:
Mark Crane
2015-04-25 05:47:35 +00:00
parent cbd974a89e
commit 04bb28752a
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/registrations/status_registrations_inc.php
View File

@@ -41,9 +41,10 @@ require_once "resources/check_auth.php";
$language = new text;
$text = $language->get();
//request profile
//get the HTTP values asn set as variables
$sip_profile_name = trim($_REQUEST["profile"]);
$show = trim($_REQUEST["show"]);
if ($show != "all") { $show = ''; }
//define variables
$c = 0;