From: Davide Franco
Date: Wed, 20 Jul 2011 16:59:07 +0000 (+0200)
Subject: bacula-web: Replaced all $_POST and $_GET by safe values in backup job report page
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=61abd08816e525eaf4e5209fccb9cc720165a613;p=bacula%2Fbacula

bacula-web: Replaced all $_POST and $_GET by safe values in backup job report page
---
diff --git a/gui/bacula-web/backupjob-report.php b/gui/bacula-web/backupjob-report.php
index 566f4b2885..635e622dcb 100644
--- a/gui/bacula-web/backupjob-report.php
+++ b/gui/bacula-web/backupjob-report.php
@@ -30,10 +30,13 @@
 // ===============================================================
 // Get Backup Job name from GET or POST
 // ===============================================================
- if( isset( $_POST["backupjob_name"] ) )
- $backupjob_name = $_POST["backupjob_name"];
- elseif( isset( $_GET["backupjob_name"] ) )
- $backupjob_name = $_GET["backupjob_name"];
+ $http_post = CHttp::getRequestVars( $_POST );
+ $http_get = CHttp::getRequestVars( $_GET );
+
+ if( isset( $http_post['backupjob_name'] ) )
+ $backupjob_name = $http_post['backupjob_name'];
+ elseif( isset( $http_get['backupjob_name'] ) )
+ $backupjob_name = $http_get['backupjob_name'];
 else
 die( "Please specify a backup job name " );
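Review bot: `$backupjob_name` is treated as safe purely because it has passed through `CHttp::getRequestVars()`, whose filtering is not visible in this hunk, and one input-side filter cannot be correct for both the SQL and the HTML contexts the name may reach later in the page (the code that consumes it lies outside the hunk, so this is inferred). I would keep the lookup but state the contract beside it, e.g. `// getRequestVars() only filters input; bind $backupjob_name as a query parameter and HTML-escape it where it is printed`, and reject any value that does not match a known job name before the report is built. Both superglobals are also filtered in full just to read one key, and a POST value silently takes precedence over a GET value; if that precedence is intended it deserves a one-line comment.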