Quit using filter_input since they bypass token check

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
author: Madhura Jayaratne <madhura.cj@gmail.com> 2015-05-15 05:15:09 +0300
committer: Madhura Jayaratne <madhura.cj@gmail.com> 2015-05-15 05:15:09 +0300
commit: 0f76d59e1e8d280be5dcdbec5d35fb284f694a91 (patch)
tree: fb74c7945b911c02385b4a88ea6ada42903d26e0 /prefs_forms.php
parent: 31c21b070adb77893a4d232e1f2b00d2c11d5312 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/prefs_forms.php b/prefs_forms.php
index 2167dc54eb..4cfe8ff94d 100644
--- a/prefs_forms.php
+++ b/prefs_forms.php
@@ -23,7 +23,7 @@ PMA_userprefsPageInit($cf);
 
 // handle form processing
 
-$form_param = filter_input(INPUT_GET, 'form');
+$form_param = isset($_GET['form']) ? $_GET['form'] : null;
 if (! isset($forms[$form_param])) {
     $forms_keys = array_keys($forms);
     $form_param = array_shift($forms_keys);
@@ -57,7 +57,8 @@ if ($form_display->process(false) && !$form_display->hasErrors()) {
     if ($result === true) {
         // reload config
         $GLOBALS['PMA_Config']->loadUserPreferences();
-        $hash = ltrim(filter_input(INPUT_POST, 'tab_hash'), '#');
+        $tabHash = isset($_POST['tab_hash']) ? $_POST['tab_hash'] : null;
+        $hash = ltrim($tabHash, '#');
         PMA_userprefsRedirect(
             'prefs_forms.php',
             array('form' => $form_param),
author	Madhura Jayaratne <madhura.cj@gmail.com>	2015-05-15 05:15:09 +0300
committer	Madhura Jayaratne <madhura.cj@gmail.com>	2015-05-15 05:15:09 +0300
commit	0f76d59e1e8d280be5dcdbec5d35fb284f694a91 (patch)
tree	fb74c7945b911c02385b4a88ea6ada42903d26e0 /prefs_forms.php
parent	31c21b070adb77893a4d232e1f2b00d2c11d5312 (diff)