check for query parameters before using them

2025-02-06 07:04:57 +00:00 · 2016-03-23 08:38:48 +01:00 · 2016-03-23 08:38:48 +01:00 · 85636ab04a
commit 85636ab04a
parent e0b55e8a0d
1 changed files with 5 additions and 5 deletions
--- a/op/op.ClearClipboard.php
+++ b/op/op.ClearClipboard.php
@ -31,10 +31,10 @@ $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_cleared

 add_log_line();

-if($_GET['refferer'])
+if(isset($_GET['refferer']) && $_GET['refferer'])
 	header("Location:".urldecode($_GET['refferer']));
-else {
-	$folderid = $_GET['folderid'];
-	header("Location:../out/out.ViewFolder.php?folderid=".$folderid);
-}
+elseif(isset($_GET['folderid']) && is_numeric($_GET['folderid']))
+	header("Location:../out/out.ViewFolder.php?folderid=".$_GET['folderid']);
+else
+	header("Location:../index.php");
 ?>