pts-core: Local result viewer filter out any excess characters passed to comparison ID forwarder
michaellarabel committed Jun 26, 2022
1 parent 13165b7 commit 61e004c
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions pts-core/static/dynamic-result-viewer/index.php
Expand Up @@ -42,6 +42,12 @@

if(isset($_REQUEST['checkbox_compare_results']))
{
foreach($_REQUEST['checkbox_compare_results'] as &$inp)
{
// Remove any possible garbage since the result identifiers should just have alpha num and dashes anyhow...
$inp = preg_replace('/[^\w-]/', '', $inp);
}

echo '<script> window.location.href = "http://' . $_SERVER['HTTP_HOST'] . WEB_URL_PATH . 'result/' . implode(',', $_REQUEST['checkbox_compare_results']) . '"; </script>';
exit;
}
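Review bot: On the `echo` line, `$_SERVER['HTTP_HOST']` is still concatenated unfiltered into the JavaScript string; it is taken from the request's Host header, so the new character filter covers only the IDs and leaves the other request-derived part of that string as it was. Consider redirecting to a host-relative URL, or validating the host against an expected value, and emitting the final string through `json_encode()` instead of raw concatenation. In the added loop, `$_REQUEST['checkbox_compare_results']` is assumed to be a flat array of strings: a scalar value breaks `foreach` and `implode()`, and a nested array element comes back from `preg_replace()` as an array, so an `is_array()` check on the parameter and an `is_string()` check per element would make the filter hold for every input shape. Two smaller points: `\w` also admits underscores, which the comment does not mention, and an `unset($inp);` after the loop would drop the dangling reference.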