From 04bb28752af32666abeee674f893e18248c3bbbc Mon Sep 17 00:00:00 2001
From: Mark Crane
Date: Sat, 25 Apr 2015 05:47:35 +0000
Subject: [PATCH] Prevent cross site scripting by limiting the value of $show on the registrations page.
---
 app/registrations/status_registrations_inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/registrations/status_registrations_inc.php b/app/registrations/status_registrations_inc.php
index 85c8afb978..8a5a35215b 100644
--- a/app/registrations/status_registrations_inc.php
+++ b/app/registrations/status_registrations_inc.php
@@ -41,9 +41,10 @@ require_once "resources/check_auth.php";
 $language = new text;
 $text = $language->get();
-//request profile
+//get the HTTP values asn set as variables
 $sip_profile_name = trim($_REQUEST["profile"]);
 $show = trim($_REQUEST["show"]);
+ if ($show != "all") { $show = ''; }
 //define variables
 $c = 0;
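Review bot: `$sip_profile_name = trim($_REQUEST["profile"]);`, two lines above the new check, is still taken from the request with no validation, so this commit constrains only `$show`. The script continues past the end of the hunk and the uses of the profile name are not visible here; if it reaches HTML output or a command string further down, it needs its own constraint, for example `if (!preg_match('/^[A-Za-z0-9_.-]+$/', $sip_profile_name)) { $sip_profile_name = ''; }` (character set to be confirmed against the profile names actually configured). The allowlist on `$show` is a sound approach, but escaping with `htmlspecialchars()` at each point where a request value is echoed would keep the page safe if another accepted value is added later. The added line would also read tighter with a strict comparison, `if ($show !== "all") { $show = ''; }`, and the new comment has a typo (`asn` for `and`).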