author | matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105> | 2009-03-25 09:57:03 +0300 |
---|---|---|
committer | matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105> | 2009-03-25 09:57:03 +0300 |
commit | eb7b288c7a2acd11a9c2f8645f3e4a4692e7012b (patch) | |
tree | 2f8fe1db0d354134feb26cc423a9486bebfb69b4 /core/ViewDataTable.php | |
parent | 82e5ad5eb4d2dbcf2e8c5dd0b3aabf01f978cf92 (diff) |
- in all piwik, we now don't read from _REQUEST as it includes _COOKIE. We instead read data from union of _GET and _POST
- clarified how to test piwik for xss referer injection
Diffstat (limited to 'core/ViewDataTable.php')
-rw-r--r-- | core/ViewDataTable.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/core/ViewDataTable.php b/core/ViewDataTable.php
index bf4340c30d..c450cc80f5 100644
--- a/core/ViewDataTable.php
+++ b/core/ViewDataTable.php
@@ -566,9 +566,9 @@ abstract class Piwik_ViewDataTable
 */
 protected function getDefaultOrCurrent( $nameVar )
 {
- if(isset($_REQUEST[$nameVar]))
+ if(isset($_GET[$nameVar]))
 {
- return htmlspecialchars($_REQUEST[$nameVar]);
+ return htmlspecialchars($_GET[$nameVar]);
 }
 $default = $this->getDefault($nameVar);
 return $default; |
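Review bot: In `getDefaultOrCurrent()` the value is still passed to `htmlspecialchars()` with its default flags and with no type check, so switching the source to `$_GET` removes the cookie path but leaves two gaps. With the default flags single quotes are not encoded on PHP versions before 8.1, which matters if a caller places the result in a single-quoted attribute or script string, and an array-valued parameter such as `name[]=` reaches `htmlspecialchars()` as a non-string. I would change the two new lines to `if(isset($_GET[$nameVar]) && is_string($_GET[$nameVar]))` and `return htmlspecialchars($_GET[$nameVar], ENT_QUOTES);`. The commit message speaks of the union of _GET and _POST while this hunk reads `$_GET` only, so it is worth confirming that no caller submits these parameters by POST. The function's closing brace lies outside the hunk.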