Changeset 3746:0cae5565cdc8
- Timestamp:
- 03/30/18 13:36:59 (7 years ago)
- Branch:
- default
- Files:
-
- 2 edited
-
admin/blogs.php (modified) (1 diff)
-
inc/admin/lib.pager.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
admin/blogs.php
r3731 r3746 75 75 if ($order !== '' && in_array($order, $order_combo, true)) { 76 76 $params['order'] = $sortby . ' ' . $order; 77 } else { 78 $order = 'desc'; 77 79 } 78 80 } else { -
inc/admin/lib.pager.php
r3731 r3746 49 49 unset($args['ok']); 50 50 } 51 51 52 $this->form_hidden = ''; 52 53 foreach ($args as $k => $v) { 53 if (is_array($v)) { 54 foreach ($v as $k2 => $v2) { 55 $this->form_hidden .= form::hidden(array($k . '[]'), html::escapeHTML($v2)); 54 // Check parameter key (will prevent some forms of XSS) 55 if ($k === preg_replace('`[^A-Za-z0-9_-]`', '', $k)) { 56 if (is_array($v)) { 57 foreach ($v as $k2 => $v2) { 58 $this->form_hidden .= form::hidden(array($k . '[]'), html::escapeHTML($v2)); 59 } 60 } else { 61 $this->form_hidden .= form::hidden(array($k), html::escapeHTML($v)); 56 62 } 57 } else {58 $this->form_hidden .= form::hidden(array($k), html::escapeHTML($v));59 63 } 60 64 }
Note: See TracChangeset
for help on using the changeset viewer.