#597: Fix for XSS issue in chatbox extension.

2017-03-08 01:14:11 -08:00
parent fefc922070
commit c379420a1f
2 changed files with 15 additions and 4 deletions
--- a/ext/chatbox/php/functions.php
+++ b/ext/chatbox/php/functions.php
@ -89,7 +89,10 @@
 		global $yShout, $prefs;
 		if ($yShout) return $yShout;

-		if ($log > $prefs['logs'] || $log < 0 || !is_numeric($log)) $log = 1;
+		if (filter_var($log, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0, "max_range" => $prefs['logs']))) === false)
+		{
+		  $log = 1;
+		}
 		
 		$log = 'log.' . $log;
 		return new YShout($log, loggedIn());