From 85636ab04a51e4a69ebb345146e84e5eba32e308 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Wed, 23 Mar 2016 08:38:48 +0100
Subject: [PATCH] check for query parameters before using them
---
 op/op.ClearClipboard.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/op/op.ClearClipboard.php b/op/op.ClearClipboard.php
index a01e0856e..f6c87dbcd 100644
--- a/op/op.ClearClipboard.php
+++ b/op/op.ClearClipboard.php
@@ -31,10 +31,10 @@ $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_cleared
 add_log_line();
-if($_GET['refferer'])
+if(isset($_GET['refferer']) && $_GET['refferer'])
 header("Location:".urldecode($_GET['refferer']));
-else {
- $folderid = $_GET['folderid'];
- header("Location:../out/out.ViewFolder.php?folderid=".$folderid);
-}
+elseif(isset($_GET['folderid']) && is_numeric($_GET['folderid']))
+ header("Location:../out/out.ViewFolder.php?folderid=".$_GET['folderid']);
+else
+ header("Location:../index.php");
 ?>
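Review bot: The `refferer` branch still writes a caller-supplied value into `Location:` without checking where it points, so the added `isset()` removes the notice but leaves an open redirect in place. `$_GET` values arrive already URL-decoded, so `urldecode()` here decodes a second time and makes the value harder to validate, and an array value (`refferer[]=`) also reaches that call. I would redirect only when the value is a string carrying no scheme or host, e.g. `$ref = $_GET['refferer']; $u = is_string($ref) ? parse_url($ref) : false;` followed by `if($u && empty($u['scheme']) && empty($u['host']) && strpos($ref, '\\') === false) header("Location:".$ref);`, and otherwise fall through to the folder and index branches; this assumes callers only ever pass site-local URLs, which the hunk does not show. In the `folderid` branch, `is_numeric()` also accepts forms such as `1e3` or `1.5`, so `ctype_digit()` would hold the value to a plain integer id.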