Merge pull request #14355 from seamuslee001/harden_extern_open

Validate queue_id is a positive integer before passing to the BAO
civicrm · May 29, 2019 · 80b41f5 · 80b41f5
2 parents 7b5909f + f3e9be3
commit 80b41f5
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/extern/open.php b/extern/open.php
@@ -2,10 +2,12 @@
 require_once '../civicrm.config.php';
 require_once 'CRM/Core/Config.php';
 require_once 'CRM/Core/Error.php';
-require_once 'CRM/Utils/Array.php';
+require_once 'CRM/Utils/Type.php';
+require_once 'CRM/Utils/Rule.php';
+require_once 'CRM/Utils/Request.php';
 
 $config = CRM_Core_Config::singleton();
-$queue_id = CRM_Utils_Array::value('q', $_GET);
+$queue_id = CRM_Utils_Request::retrieveValue('q', 'Positive', NULL, FALSE, 'GET');
 if (!$queue_id) {
   echo "Missing input parameters\n";
   exit();