From 3089aead874d2f907994b091b2dc019f34ee0d00 Mon Sep 17 00:00:00 2001
From: Davide Franco
Date: Wed, 20 Jul 2011 18:59:30 +0200
Subject: [PATCH] bacula-web: Replaced all $_POST by safe values in bweb class
---
 gui/bacula-web/includes/bweb.inc.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gui/bacula-web/includes/bweb.inc.php b/gui/bacula-web/includes/bweb.inc.php
index 43b3efd686..ea45ce3d33 100644
--- a/gui/bacula-web/includes/bweb.inc.php
+++ b/gui/bacula-web/includes/bweb.inc.php
@@ -41,8 +41,9 @@ class Bweb
 $this->init_gettext();
 // Check catalog id
- if( isset($_POST['catalog_id']) ) {
- $this->catalog_current_id = $_POST['catalog_id'];
+ $http_post = CHttp::getRequestVars($_POST);
+ if( isset( $http_post['catalog_id'] ) ) {
+ $this->catalog_current_id = $http_post['catalog_id'];
 $_SESSION['catalog_id'] = $this->catalog_current_id;
 } elseif( isset( $_SESSION['catalog_id'] ) )
-- 
2.39.5
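Review bot: `catalog_id` is still copied into `$this->catalog_current_id` and `$_SESSION['catalog_id']` with no type or range check. Whatever `CHttp::getRequestVars()` does to the values (its body is not part of this patch), generic request filtering is not the same as validating that the value is a catalog identifier. If the id is meant to be an integer index into the configured catalogs, which the name suggests but the hunk does not show, validate it explicitly with `$id = filter_var($http_post['catalog_id'], FILTER_VALIDATE_INT);` and assign only when `$id !== false && $id >= 0`, otherwise falling through to the session branch. Because the value is persisted in the session, an unchecked value would keep being reused on later requests. The enclosing method starts before and continues after this hunk, so how the id is consumed afterwards should be confirmed there.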