Dotclear


Ignore:
Timestamp:
03/30/18 13:36:59 (7 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Fix potential reflective XSS, thank's Zekvan Arslan for report (via Daniel Bishtawi from  https://www.netsparker.com/)

File:
1 edited

Legend:

Unmodified
Added
Removed

  • admin/blogs.php

    r3731 r3746  
    7575    if ($order !== '' && in_array($order, $order_combo, true)) { 
    7676        $params['order'] = $sortby . ' ' . $order; 
     77    } else { 
     78        $order = 'desc'; 
    7779    } 
    7880} else { 
Note: See TracChangeset for help on using the changeset viewer.

Sites map