fixes #667, check $_GET['page'] to avoid XSS

This can be an issue only on Internet Explorer
2026-03-28 17:42:57 +01:00 · 2017-06-12 11:36:28 +02:00
parent 3ae62ce118
commit 4310fe7a55
1 changed files with 2 additions and 0 deletions
--- a/admin.php
+++ b/admin.php
@@ -41,6 +41,8 @@ trigger_notify('loc_begin_admin');

 check_status(ACCESS_ADMINISTRATOR);

+check_input_parameter('page', $_GET, false, '/^[a-zA-Z\d_-]+$/');
+
 // +-----------------------------------------------------------------------+
 // | Direct actions                                                        |
 // +-----------------------------------------------------------------------+