diff options
author | Madhura Jayaratne <madhura.cj@gmail.com> | 2015-05-15 05:15:09 +0300 |
---|---|---|
committer | Madhura Jayaratne <madhura.cj@gmail.com> | 2015-05-15 05:15:09 +0300 |
commit | 0f76d59e1e8d280be5dcdbec5d35fb284f694a91 (patch) | |
tree | fb74c7945b911c02385b4a88ea6ada42903d26e0 /prefs_forms.php | |
parent | 31c21b070adb77893a4d232e1f2b00d2c11d5312 (diff) |
Quit using filter_input since they bypass token check
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
Diffstat (limited to 'prefs_forms.php')
-rw-r--r-- | prefs_forms.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/prefs_forms.php b/prefs_forms.php index 2167dc54eb..4cfe8ff94d 100644 --- a/prefs_forms.php +++ b/prefs_forms.php @@ -23,7 +23,7 @@ PMA_userprefsPageInit($cf); // handle form processing -$form_param = filter_input(INPUT_GET, 'form'); +$form_param = isset($_GET['form']) ? $_GET['form'] : null; if (! isset($forms[$form_param])) { $forms_keys = array_keys($forms); $form_param = array_shift($forms_keys); @@ -57,7 +57,8 @@ if ($form_display->process(false) && !$form_display->hasErrors()) { if ($result === true) { // reload config $GLOBALS['PMA_Config']->loadUserPreferences(); - $hash = ltrim(filter_input(INPUT_POST, 'tab_hash'), '#'); + $tabHash = isset($_POST['tab_hash']) ? $_POST['tab_hash'] : null; + $hash = ltrim($tabHash, '#'); PMA_userprefsRedirect( 'prefs_forms.php', array('form' => $form_param), |