- Improving security by added -limit_to xxx to all im_opt_val calls

c08a9c7e · Frank Bergmann · 4d8ebbd1 · c08a9c7e
Commit c08a9c7e authored Jun 11, 2020 by Frank Bergmann
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

index.tcl www/index.tcl +1 -1

No files found.
--- a/www/index.tcl
+++ b/www/index.tcl
@@ -10,7 +10,7 @@ ad_page_contract {

 set user_id [auth::require_login]
 set page_title [lang::message::lookup "" intranet-workflow.Workflow_Home "Workflow Home"]
-set workflow_home_inbox [im_workflow_home_inbox_component -relationship "assignment_group" -filter_object_type [im_opt_val filter_object_type] -filter_workflow_key [im_opt_val filter_workflow_key] -filter_subtype_id [im_opt_val filter_subtype_id] -filter_status_id [im_opt_val filter_status_id] -filter_owner_id [im_opt_val filter_owner_id] -filter_wf_action [im_opt_val filter_wf_action]]
+set workflow_home_inbox [im_workflow_home_inbox_component -relationship "assignment_group" -filter_object_type [im_opt_val -limit_to alnum filter_object_type] -filter_workflow_key [im_opt_val -limit_to alnum filter_workflow_key] -filter_subtype_id [im_opt_val -limit_to integer filter_subtype_id] -filter_status_id [im_opt_val -limit_to integer filter_status_id] -filter_owner_id [im_opt_val -limit_to integer filter_owner_id] -filter_wf_action [im_opt_val -limit_to nohtml filter_wf_action]]
 set workflow_home_component [im_workflow_home_component]
 set return_url [im_url_with_query]
 set left_menu_p [parameter::get_from_package_key -package_key "intranet-core" -parameter ShowLeftFunctionalMenupP -default 0]