Force pos to be integer to avoid XSS.

2006-11-17 08:47:26 +00:00
parent 1042770109
commit 6c06cb72d2
24 changed files with 166 additions and 189 deletions
--- a/libraries/display_tbl.lib.php
+++ b/libraries/display_tbl.lib.php
@@ -13,6 +13,9 @@ require_once './libraries/Table.class.php';
 */
 if (!isset($pos)) {
    $pos = 0;
+} else {
+    /* We need this to be a integer */
+    $pos = (int)$pos
 }

 /**