fixes #573, check $_GET['tab'] against hacking attempt

2026-06-01 20:04:51 +02:00 · 2016-12-19 11:52:28 +01:00
parent 9dd92959f6
commit 4b33a0fd19
1 changed files with 5 additions and 0 deletions
@@ -31,9 +31,14 @@ include_once(PHPWG_ROOT_PATH.'admin/include/tabsheet.class.php');
 $my_base_url = get_root_url().'admin.php?page=languages';

 if (isset($_GET['tab']))
+{
+  check_input_parameter('tab', $_GET, false, '/^(installed|update|new)$/');
  $page['tab'] = $_GET['tab'];
+}
 else
+{
  $page['tab'] = 'installed';
+}

 $tabsheet = new tabsheet();
 $tabsheet->set_id('languages');