author | Michal Čihař <michal@cihar.com> | 2017-12-07 12:54:39 +0300 |
---|---|---|
committer | Michal Čihař <michal@cihar.com> | 2017-12-14 12:34:45 +0300 |
commit | 72f109a99c82b14c07dcb19946ba9b76efc32a1b (patch) | |
tree | 6c921c3ba5d99f472528937a24f78ffe10c81f03 /import.php | |
parent | 72925985e0d95747dba3ec125f2fca6f8c80349f (diff) |
Accept SQL query only from POST requests
Signed-off-by: Michal Čihař <michal@cihar.com>
Diffstat (limited to 'import.php')
-rw-r--r-- | import.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/import.php b/import.php
index 3aac8b85cf..f83d03e295 100644
--- a/import.php
+++ b/import.php
@@ -742,7 +742,7 @@ if ($go_sql) {
 $cfgBookmark = Bookmark::getParams($GLOBALS['cfg']['Server']['user']);
 Sql::storeTheQueryAsBookmark(
 $db, $cfgBookmark['user'],
- $_REQUEST['sql_query'], $_POST['bkm_label'],
+ $_POST['sql_query'], $_POST['bkm_label'],
 isset($_POST['bkm_replace']) ? $_POST['bkm_replace'] : null
 );
 }
@@ -757,7 +757,7 @@ if ($go_sql) {
 $cfgBookmark = Bookmark::getParams($GLOBALS['cfg']['Server']['user']);
 Sql::storeTheQueryAsBookmark(
 $db, $cfgBookmark['user'],
- $_REQUEST['sql_query'], $_POST['bkm_label'],
+ $_POST['sql_query'], $_POST['bkm_label'],
 isset($_POST['bkm_replace']) ? $_POST['bkm_replace'] : null
 );
 }
 |
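Review bot: `$_POST['sql_query']` is read without a presence check in both hunks (`@@ -742` and `@@ -757`), while `bkm_replace` on the following line is guarded with `isset()`. When the query is supplied some other way than the POST body, which is the case this commit sets out to reject, the index is missing, so PHP raises an undefined-index notice and a null query is passed to `Sql::storeTheQueryAsBookmark()`. The enclosing condition starts outside both hunks and may already test for this; if it does not, extend it with `&& isset($_POST['sql_query'])` so the bookmark is only stored for a real POSTed query. It is also worth confirming that no other read of `$_REQUEST['sql_query']` remains on this path in `import.php`, since the restriction only holds if every consumer uses `$_POST`.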