fixes #667, check $_GET['page'] to avoid XSS

This can be an issue only on Internet Explorer
2025-04-26 19:29:58 +03:00 · 2017-06-12 11:36:28 +02:00 · 2017-06-12 11:36:28 +02:00 · 4310fe7a55
commit 4310fe7a55
parent 3ae62ce118
1 changed files with 2 additions and 0 deletions
--- a/admin.php
+++ b/admin.php
@ -41,6 +41,8 @@ trigger_notify('loc_begin_admin');

 check_status(ACCESS_ADMINISTRATOR);

+check_input_parameter('page', $_GET, false, '/^[a-zA-Z\d_-]+$/');
+
 // +-----------------------------------------------------------------------+
 // | Direct actions                                                        |
 // +-----------------------------------------------------------------------+