- in all piwik, we now don't read from _REQUEST as it includes _COOKIE. We instead read data from union of _GET and _POST

- clarified how to test piwik for xss referer injection
author: matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105> 2009-03-25 09:57:03 +0300
committer: matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105> 2009-03-25 09:57:03 +0300
commit: eb7b288c7a2acd11a9c2f8645f3e4a4692e7012b (patch)
tree: 2f8fe1db0d354134feb26cc423a9486bebfb69b4 /core/ViewDataTable.php
parent: 82e5ad5eb4d2dbcf2e8c5dd0b3aabf01f978cf92 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/core/ViewDataTable.php b/core/ViewDataTable.php
index bf4340c30d..c450cc80f5 100644
--- a/core/ViewDataTable.php
+++ b/core/ViewDataTable.php
@@ -566,9 +566,9 @@ abstract class Piwik_ViewDataTable
 	 */
 	protected function getDefaultOrCurrent( $nameVar )
 	{
-		if(isset($_REQUEST[$nameVar]))
+		if(isset($_GET[$nameVar]))
 		{
-			return htmlspecialchars($_REQUEST[$nameVar]);
+			return htmlspecialchars($_GET[$nameVar]);
 		}
 		$default = $this->getDefault($nameVar);
 		return $default;
author	matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105>	2009-03-25 09:57:03 +0300
committer	matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105>	2009-03-25 09:57:03 +0300
commit	eb7b288c7a2acd11a9c2f8645f3e4a4692e7012b (patch)
tree	2f8fe1db0d354134feb26cc423a9486bebfb69b4 /core/ViewDataTable.php
parent	82e5ad5eb4d2dbcf2e8c5dd0b3aabf01f978cf92 (diff)