From 335229b0d1a107c451cc48838e8118a2a4ca4371 Mon Sep 17 00:00:00 2001
From: ruan
Date: Sun, 1 Nov 2015 12:56:26 +0200
Subject: [PATCH] Validate arguments further
---
 check.php | 2 +-
 history.php | 2 +-
 info.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/check.php b/check.php
index f2b040e..0f4bf3e 100644
--- a/check.php
+++ b/check.php
@@ -73,7 +73,7 @@ class Check {
 }
 }
-if (isset($_GET['name'], $_GET['table'])) {
+if (isset($_GET['name'], $_GET['table']) && is_string($_GET['name']) && is_string($_GET['table'])) {
 $check = new Check();
 $check->run($_GET['name'], $_GET['table']);
 }
diff --git a/history.php b/history.php
index ed7eb64..c760e27 100644
--- a/history.php
+++ b/history.php
@@ -58,7 +58,7 @@ class History {
 $page = new Page("history");
-isset($_GET['uuid']) or die("Missing arguments (uuid).");
+isset($_GET['uuid']) && is_string($_GET['uuid']) or die("Missing arguments (uuid).");
 $staffhistory = (isset($_GET['staffhistory']) && $_GET['staffhistory'] === "1");
diff --git a/info.php b/info.php
index 88e6932..468a423 100644
--- a/info.php
+++ b/info.php
@@ -114,7 +114,7 @@ if ((substr($_SERVER['SCRIPT_NAME'], -strlen("info.php"))) !== "info.php") {
 return;
 }
-isset($_GET['type'], $_GET['id']) or die("Missing arguments (type, id).");
+isset($_GET['type'], $_GET['id']) && is_string($_GET['type']) && is_string($_GET['id']) or die("Missing arguments (type, id).");
 $type = $_GET['type'];
 $id = $_GET['id'];
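Review bot: The new condition in check.php checks only the type of `name` and `table`, not their content, before both are handed to `$check->run()`. `Check::run()` is outside the hunk; if `table` ends up choosing a database table, compare it against a fixed list here, because an identifier cannot be bound as a prepared-statement parameter, e.g. `in_array($_GET['table'], $allowedTables, true)` where `$allowedTables` stands for the project's own list. As far as the hunk shows, a request that fails the condition gets no error output at all, unlike history.php and info.php, so a rejected request is indistinguishable from an empty result.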
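Review bot: In history.php the guard now also fires when `uuid` is present but not a string (an array-valued parameter), yet the client is still told "Missing arguments (uuid).", and since `die()` does not set a status the response presumably goes out as HTTP 200. The mixed `&&` … `or` expression is correct only because `or` binds looser than `&&`; an explicit `if (!isset($_GET['uuid']) || !is_string($_GET['uuid'])) { http_response_code(400); die("Invalid arguments (uuid)."); }` reads more safely and lets logs and monitoring tell rejected requests apart. The same applies to the guard in info.php.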
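Review bot: `$type` and `$id` in info.php are still accepted as any string, including the empty string, once the new guard passes. Their use is outside the hunk; if `$type` selects a record kind and `$id` is a numeric row id, narrow them at this point, for example `ctype_digit($_GET['id'])` for the id and a strict `in_array($_GET['type'], $knownTypes, true)` with `$knownTypes` as a placeholder for the project's own list. That keeps later code from ever seeing values outside the expected set rather than relying on each consumer to re-check.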