Merge pull request #481 from jgen/develop

Fix XSS in arrowkey extension
2015-03-13 08:37:08 +00:00 · 2015-03-13 08:37:08 +00:00 · 519749559f
commit 519749559f
parent bdbf95f2fa adec7e1763
2 changed files with 4 additions and 4 deletions
--- a/core/event.class.php
+++ b/core/event.class.php
@ -118,7 +118,7 @@ class PageRequestEvent extends Event {
 	 * @return int
 	 */
 	public function count_args() {
-		return (int)($this->arg_count - $this->part_count);
+		return int_escape($this->arg_count - $this->part_count);
 	}

 	/*
--- a/ext/arrowkey_navigation/main.php
+++ b/ext/arrowkey_navigation/main.php
@ -69,13 +69,13 @@ class ArrowkeyNavigation extends Extension {
 		// if there are no tags, use default
 		if ($event->get_arg(1) == null){
 			$prefix = "";
-			$page_number = (int)$event->get_arg(0);
+			$page_number = int_escape($event->get_arg(0));
 			$total_pages = ceil($database->get_one(
 				"SELECT COUNT(*) FROM images") / $images_per_page);
 		}
 		else { // if there are tags, use pages with tags
-			$prefix = $event->get_arg(0)."/";
-			$page_number = (int)$event->get_arg(1);
+			$prefix = url_escape($event->get_arg(0)) . "/";
+			$page_number = int_escape($event->get_arg(1));
 			$total_pages = ceil($database->get_one(
 				"SELECT count FROM tags WHERE tag=:tag",
 					array("tag"=>$event->get_arg(0))) / $images_per_page);