diff options
| author | friendica <info@friendica.com> | 2015-01-08 19:09:52 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2015-01-08 19:09:52 -0800 |
| commit | 1e4e7ce2d3c28331d408ad0e40ab0e3bb912e7f1 (patch) | |
| tree | b9ca6b2c16c6efd8ece888567bd265ec2a8e22ab /include/dir_fns.php | |
| parent | 836223bf5b60a8b0db27dac9e5c183c77fa6a2e1 (diff) | |
| download | volse-hubzilla-1e4e7ce2d3c28331d408ad0e40ab0e3bb912e7f1.tar.gz volse-hubzilla-1e4e7ce2d3c28331d408ad0e40ab0e3bb912e7f1.tar.bz2 volse-hubzilla-1e4e7ce2d3c28331d408ad0e40ab0e3bb912e7f1.zip | |
SECURITY: dir_sort_links() exposes session cookie
Diffstat (limited to 'include/dir_fns.php')
| -rw-r--r-- | include/dir_fns.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/dir_fns.php b/include/dir_fns.php index af6f78c01..98b906e84 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -56,10 +56,10 @@ function dir_sort_links() { $current_order = (($_REQUEST['order']) ? $_REQUEST['order'] : 'normal'); $url = 'directory?'; - $tmp = $_REQUEST; + $tmp = array_merge($_GET,$_POST); unset($tmp['order']); $sorturl = $url . http_build_query($tmp); - $tmp = $_REQUEST; + $tmp = array_merge($_GET,$_POST); unset($tmp['pubforums']); $forumsurl = $url . http_build_query($tmp); |