diff options
| author | Michal Čihař <michal@cihar.com> | 2016-07-22 17:03:25 +0300 |
|---|---|---|
| committer | Michal Čihař <michal@cihar.com> | 2016-07-22 17:03:25 +0300 |
| commit | 3b794e0ed115334fccf8b0787f5d8d468ba3ad3d (patch) | |
| tree | c7435b3fc6c2f3f508d8f5216da22d5672ebedeb /tbl_addfield.php | |
| parent | be70f0c6bf4785c4b0188071bd9f676b43de68c8 (diff) | |
| parent | ff1016e504770dd334ab30fa85de11e8559eee01 (diff) | |
Merge branch 'QA_4_6-security' into master-security
Diffstat (limited to 'tbl_addfield.php')
| -rw-r--r-- | tbl_addfield.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/tbl_addfield.php b/tbl_addfield.php index 2ec8a2972b..2996d147ab 100644 --- a/tbl_addfield.php +++ b/tbl_addfield.php @@ -43,10 +43,13 @@ if (isset($_REQUEST['submit_num_fields'])) { if (isset($_REQUEST['orig_field_where'])) { $_REQUEST['field_where'] = $_REQUEST['orig_field_where']; } - $num_fields = $_REQUEST['orig_num_fields'] + $_REQUEST['added_fields']; + $num_fields = min( + intval($_REQUEST['orig_num_fields']) + intval($_REQUEST['added_fields']), + 4096 + ); $regenerate = true; } elseif (isset($_REQUEST['num_fields']) && intval($_REQUEST['num_fields']) > 0) { - $num_fields = (int) $_REQUEST['num_fields']; + $num_fields = min(4096, intval($_REQUEST['num_fields'])); } else { $num_fields = 1; } |