

Added filter
$field = filter_var($_GET['fid'], FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);

If attempted xss then $field will be null
twodayslate committed May 21, 2013
1 parent 0819440 commit 9d0d0cc
Showing 1 changed file with 13 additions and 8 deletions.
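--- a/code/FilePage.php
+++ b/code/FilePage.php
@@ -57,10 +57,11 @@ public function init() {
 function Listing($ParentID = null) {
 if(!$this->FolderID) return false;
 
-$field = $_GET['fid'];
-if (isset($field) && is_numeric($field)) {
-if (DataObject::get("File", "ID = ".$_GET['fid'])) {
-$ParentID = $_GET['fid'];
+$field = filter_var($_GET['fid'], FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
+
+if (isset($field)) {
+if (DataObject::get("File", "ID = ".$field)) {
+$ParentID = $field;
 }
 } else {
 $ParentID = $this->FolderID;
@@ -75,8 +76,10 @@ function Listing($ParentID = null) {
 
 // Checks if not at the root folder
 function NotRoot() {
-if (isset($_GET['fid'])) {
-if (DataObject::get("File", "ID = ".$_GET['fid'])) {
+$field = filter_var($_GET['fid'], FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
+
+if (isset($field)) {
+if (DataObject::get("File", "ID = ".$field)) {
 return true;
 }
 }
@@ -85,8 +88,10 @@ function NotRoot() {
 
 // Gets current folder from $_GET['fid']
 function CurrentFolder() {
-if (isset($_GET['fid'])) {
-return DataObject::get_by_id("File",$_GET['fid']);
+$field = filter_var($_GET['fid'], FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
+
+if (isset($field)) {
+return DataObject::get_by_id("File",$field);
 }
 return false;
 }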
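Review bot: The new `$field = filter_var($_GET['fid'], FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);` line in Listing, NotRoot and CurrentFolder reads `$_GET['fid']` unconditionally, so a request without `fid` raises an undefined-index notice where the old NotRoot and CurrentFolder code guarded the read with `isset($_GET['fid'])` first; guard it before filtering, e.g. `$field = isset($_GET['fid']) ? filter_var($_GET['fid'], FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE) : null;`. The validated integer is still concatenated into the `"ID = ".$field` filter in Listing and NotRoot; `DataObject::get_by_id("File", $field)`, as CurrentFolder already uses, would avoid string-building the WHERE clause at all and make the three lookups consistent. The same four filter-and-check lines now appear in all three functions, so a small helper returning the validated id (or null) would keep them in step if the validation changes again. Listing's body starts before and ends after the first hunk.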
