From 61abd08816e525eaf4e5209fccb9cc720165a613 Mon Sep 17 00:00:00 2001
From: Davide Franco
Date: Wed, 20 Jul 2011 18:59:07 +0200
Subject: [PATCH] bacula-web: Replaced all $_POST and $_GET by safe values in backup job report page

---
 gui/bacula-web/backupjob-report.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/gui/bacula-web/backupjob-report.php b/gui/bacula-web/backupjob-report.php
index 566f4b2885..635e622dcb 100644
--- a/gui/bacula-web/backupjob-report.php
+++ b/gui/bacula-web/backupjob-report.php
@@ -30,10 +30,13 @@
 // ===============================================================
 // Get Backup Job name from GET or POST
 // ===============================================================
- if( isset( $_POST["backupjob_name"] ) )
- $backupjob_name = $_POST["backupjob_name"];
- elseif( isset( $_GET["backupjob_name"] ) )
- $backupjob_name = $_GET["backupjob_name"];
+ $http_post = CHttp::getRequestVars( $_POST );
+ $http_get = CHttp::getRequestVars( $_GET );
+
+ if( isset( $http_post['backupjob_name'] ) )
+ $backupjob_name = $http_post['backupjob_name'];
+ elseif( isset( $http_get['backupjob_name'] ) )
+ $backupjob_name = $http_get['backupjob_name'];
 else
 die( "Please specify a backup job name " );

-- 
2.39.5
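Review bot: `$backupjob_name` is still accepted on `isset()` alone in the new `if`/`elseif`, so an empty string gets through, and so does an array-valued `backupjob_name[]` parameter unless `CHttp::getRequestVars()` rejects or flattens it, which this hunk does not show. Whether the value is actually safe depends on what the helper filters and on where the name is used further down the file, neither of which is visible here; a generic request filter does not replace a bound parameter where the job name reaches SQL, or `htmlspecialchars()` where it is printed in the report. I would tighten the guard to `if( isset( $http_post['backupjob_name'] ) && is_string( $http_post['backupjob_name'] ) && $http_post['backupjob_name'] !== '' )`, with the same test on the `$http_get` branch. A comment above the two calls should state what the helper guarantees, e.g. `// getRequestVars() only filters request input; SQL and HTML sinks below must still bind/escape $backupjob_name`. The script continues outside the hunk, so the sinks should be checked against that comment.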