]> git.sur5r.net Git - bacula/bacula/commitdiff
bacula-web: Replaced all $_POST by safe values in bweb class
authorDavide Franco <bacula-dev@dflc.ch>
Wed, 20 Jul 2011 16:59:30 +0000 (18:59 +0200)
committerKern Sibbald <kern@sibbald.com>
Sat, 20 Apr 2013 12:49:25 +0000 (14:49 +0200)
gui/bacula-web/includes/bweb.inc.php

index 43b3efd686ba25128b6e13e28868b19528d6e055..ea45ce3d336fd83dd758a43aa07a92501902df29 100644 (file)
@@ -41,8 +41,9 @@ class Bweb
                $this->init_gettext();
                
                // Check catalog id
-               if( isset($_POST['catalog_id']) ) {
-                       $this->catalog_current_id = $_POST['catalog_id'];
+               $http_post = CHttp::getRequestVars($_POST);
+               if( isset( $http_post['catalog_id'] ) ) {
+                       $this->catalog_current_id = $http_post['catalog_id'];
                        $_SESSION['catalog_id'] = $this->catalog_current_id;
                }
                elseif( isset( $_SESSION['catalog_id'] ) )