authorDries Buytaert <dries@buytaert.net>2009-12-05 20:17:02 +0000
committerDries Buytaert <dries@buytaert.net>2009-12-05 20:17:02 +0000
commitab78dadd5166cce0b09adea43fcd1b8eaf70d440 (patch)
tree9cbf85d5fec6f7d9b86196ec7cecc53ba1d0329e
parent5b6acba1d2d9d3039fca231ccfc82585fce66590 (diff)
- Patch #520764 by Damien Tournoud, JoshuaRogers, brianV: fixed SA-CORE-2009-007: request values in URL, including password/username.
-rw-r--r--includes/pager.inc2
-rw-r--r--includes/tablesort.inc2
2 files changed, 2 insertions, 2 deletions
diff --git a/includes/pager.inc b/includes/pager.inc
index 211fe9a76..7430cfe8c 100644
--- a/includes/pager.inc
+++ b/includes/pager.inc
@@ -180,7 +180,7 @@ class PagerDefault extends SelectQueryExtender {
function pager_get_query_parameters() {
$query = &drupal_static(__FUNCTION__);
if (!isset($query)) {
- $query = drupal_get_query_parameters($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE)));
+ $query = drupal_get_query_parameters($_GET, array('q', 'page'));
}
return $query;
}
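Review bot: The changed line in pager_get_query_parameters() switches from `$_REQUEST` to `$_GET` without a comment saying why, so a later cleanup could restore `$_REQUEST` and put submitted form values back into pager links. I would add above the call: `// Use $_GET only: $_REQUEST also carries POST values (e.g. a submitted username/password), which must never be copied into generated links.` The same comment fits the matching call in tablesort_get_query_parameters() in includes/tablesort.inc. The diffstat lists only the two include files, so a regression test that posts a form to a paged listing and asserts the POST values are absent from the pager links would be worth adding with this fix.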
diff --git a/includes/tablesort.inc b/includes/tablesort.inc
index 93ed0f37e..cd0136bc1 100644
--- a/includes/tablesort.inc
+++ b/includes/tablesort.inc
@@ -221,7 +221,7 @@ function tablesort_cell($cell, $header, $ts, $i) {
* page request except for those pertaining to table sorting.
*/
function tablesort_get_query_parameters() {
- return drupal_get_query_parameters($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE)));
+ return drupal_get_query_parameters($_GET, array('q', 'sort', 'order'));
}
/**
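Review bot: The docblock ending just above tablesort_get_query_parameters() still describes the result in terms of the "page request", which is now wider than what the function returns, since only URL query-string parameters from `$_GET` are kept. The start of the docblock is outside the hunk, so its exact wording is inferred, but I would tighten it to something like `all GET query parameters of the current request except those pertaining to table sorting; POST and cookie values are never included`. The returned values are still request-supplied, so the code that builds sort links from them (not visible here) has to keep URL-encoding them at output.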