- Timestamp:
- 11/14/2018 04:44:36 PM (6 years ago)
- File:
-
- 1 edited
ninja-forms/trunk/includes/Admin/Menus/Submissions.php
r1886851 r1974335 75 75 unset( $views[ 'publish' ] ); 76 76 77 // If the Form ID is not empty ...78 if( ! empty( $_GET[ 'form_id' ] ) ) {77 // If the Form ID is not empty and IS a number... 78 if( ! empty( $_GET[ 'form_id' ] ) && ctype_digit( $_GET[ 'form_id' ] ) ) { 79 79 // ...populate the rest of the query string. 80 80 $form_id = '&form_id=' . $_GET[ 'form_id' ] . '&nf_form_filter&paged=1'; … … 141 141 public function change_columns() 142 142 { 143 $form_id = ( isset( $_GET['form_id'] ) ) ? $_GET['form_id'] : FALSE; 143 // if the form_id isset and ID a number 144 $form_id = ( isset( $_GET['form_id'] ) && ctype_digit( $_GET[ 'form_id' ] ) ) ? $_GET['form_id'] : FALSE; 144 145 145 146 if( ! $form_id ) return array(); … … 185 186 public function custom_columns( $column, $sub_id ) 186 187 { 188 global $post_type; 189 190 if ( 'nf_sub' !== $post_type ) return false; 191 187 192 $sub = Ninja_Forms()->form()->get_sub( $sub_id ); 188 193 … … 234 239 asort($form_options); 235 240 236 if( isset( $_GET[ 'form_id' ] ) ) { 241 242 // make sure form_id isset and is a number 243 if( isset( $_GET[ 'form_id' ] ) && ctype_digit( $_GET[ 'form_id' ] ) ) { 237 244 $form_selected = $_GET[ 'form_id' ]; 238 245 } else { … … 241 248 242 249 if( isset( $_GET[ 'begin_date' ] ) ) { 243 $begin_date = $_GET[ 'begin_date' ]; 250 // check for bad characters(possible xss vulnerability) 251 $beg_date_sep = preg_replace('/[0-9]+/', '', $_GET[ 'begin_date' ]); 252 253 if ( 1 !== count( array_unique( str_split( $beg_date_sep ) ) ) ) {// We got bad data. 254 $begin_date = ''; 255 } else { 256 $begin_date = $_GET[ 'begin_date' ]; 257 } 244 258 } else { 245 259 $begin_date = ''; … … 247 261 248 262 if( isset( $_GET[ 'end_date' ] ) ) { 249 $end_date = $_GET[ 'end_date' ]; 263 // check for bad characters(possible xss vulnerability) 264 $end_date_sep = preg_replace('/[0-9]+/', '', $_GET[ 'end_date' ]); 265 266 if ( 1 !== count( array_unique( str_split( $end_date_sep ) ) ) ) {// We got bad data. 
267 $end_date = ''; 268 } else { 269 $end_date = $_GET[ 'end_date' ]; 270 } 250 271 } else { 251 272 $end_date = ''; … … 266 287 $vars = &$query->query_vars; 267 288 268 $form_id = ( ! empty( $_GET['form_id'] ) ) ? $_GET['form_id'] : 0; 289 // make sure form_id is not empty and is a number 290 $form_id = ( ! empty( $_GET['form_id'] ) && ctype_digit( $_GET[ 'form_id' ] ) ) ? $_GET['form_id'] : 0; 269 291 270 292 $vars = $this->table_filter_by_form( $vars, $form_id ); … … 278 300 global $typenow; 279 301 // filter to select search query 280 if ( is _search() && is_admin() && $typenow == 'nf_sub' && isset ( $_GET['s']) ) {302 if ( isset ( $_GET['s'] ) && $typenow == 'nf_sub' && is_search() && is_admin() ) { 281 303 global $wpdb; 282 304 … … 378 400 } 379 401 380 Ninja_Forms()->form( $_REQUEST['form_id'])->export_subs( $sub_ids );402 Ninja_Forms()->form( absint( $_REQUEST['form_id'] ) )->export_subs( $sub_ids ); 381 403 } 382 404 … … 499 521 // Include submissions on the end_date. 500 522 $end_date = date( 'm/d/Y', strtotime( '+1 day', strtotime( $end_date ) ) ); 501 523 502 524 if ( ! isset ( $vars['date_query'] ) ) { 503 525
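Review bot: The new begin_date/end_date guard (new lines 250–257 and 263–270) only verifies that every non-digit character in the value is the same character, so a value made of digits and any single repeated separator passes and is assigned unchanged; it does not pin a format or exclude the characters the comment says it is worried about, and the same weakness is repeated for end_date. Since the filter later renders dates with `m/d/Y` (line 522), an anchored format check is stricter and shorter: `$begin_date = preg_match( '/^\d{1,2}\/\d{1,2}\/\d{4}$/', $_GET['begin_date'] ) ? $_GET['begin_date'] : '';` with the same for `$end_date`, or `DateTime::createFromFormat( 'm/d/Y', ... )` when a real calendar date is required. If the value is echoed into the filter markup (not visible in this hunk), it should still pass through `esc_attr()` at the point of output, since input validation is not a substitute for context-specific escaping. The method containing this hunk starts and ends outside the hunk.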