bacula-web: Replaced all $_POST and $_GET by safe values in backup job report page

author Davide Franco <bacula-dev@dflc.ch>

Wed, 20 Jul 2011 16:59:07 +0000 (18:59 +0200)

committer Kern Sibbald <kern@sibbald.com>

Sat, 20 Apr 2013 12:49:25 +0000 (14:49 +0200)
author Davide Franco <bacula-dev@dflc.ch>
Wed, 20 Jul 2011 16:59:07 +0000 (18:59 +0200)
committer Kern Sibbald <kern@sibbald.com>
Sat, 20 Apr 2013 12:49:25 +0000 (14:49 +0200)
diff --git a/gui/bacula-web/backupjob-report.php b/gui/bacula-web/backupjob-report.php

index 566f4b28851f8a2f0f1c109360e75132bffb261a..635e622dcb43cbf1fc066e4a51597c1c39446bef 100644 (file)
--- a/gui/bacula-web/backupjob-report.php
+++ b/gui/bacula-web/backupjob-report.php
@@ -30,10 +30,13 @@
         // ===============================================================
         // Get Backup Job name from GET or POST
         // ===============================================================
-       if( isset( $_POST["backupjob_name"] ) )
-               $backupjob_name = $_POST["backupjob_name"];
-       elseif( isset( $_GET["backupjob_name"] ) )
-               $backupjob_name = $_GET["backupjob_name"];
+       $http_post = CHttp::getRequestVars( $_POST );
+       $http_get  = CHttp::getRequestVars( $_GET );
+       
+       if( isset( $http_post['backupjob_name'] ) )
+               $backupjob_name = $http_post['backupjob_name'];
+       elseif( isset( $http_get['backupjob_name'] ) )
+               $backupjob_name = $http_get['backupjob_name'];
         else
                 die( "Please specify a backup job name " );
author	Davide Franco <bacula-dev@dflc.ch>
	Wed, 20 Jul 2011 16:59:07 +0000 (18:59 +0200)
committer	Kern Sibbald <kern@sibbald.com>
	Sat, 20 Apr 2013 12:49:25 +0000 (14:49 +0200)