Bug 277194 Escape GET variables better

patch by colin.ogilvie@gmail.com, r=alanjstr
2005-01-17 02:45:01 +00:00 · 2005-01-17 02:45:01 +00:00 · 4430b3b490
--- a/webtools/update/themes/showlist.php
+++ b/webtools/update/themes/showlist.php
@ -159,7 +159,7 @@ if ($startpoint<0) {$startpoint=0; $startitem=0;}
 if ($enditem>$totalresults) {$enditem=$totalresults;} //Verify EndItem


-if ($_GET[nextnum]) {$startpoint = $_GET["nextnum"]; }
+if ($_GET[nextnum]) {$startpoint = escape_string($_GET["nextnum"]); }
 //$resultsquery = str_replace("GROUP BY `Name` ", "", $resultsquery);
 $resultsquery .= " LIMIT $startpoint , $items_per_page"; //Append LIMIT clause to result query