From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Tue, 22 Oct 2013 08:17:26 -0400 Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) --- program/steps/settings/save_prefs.inc | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/program/steps/settings/save_prefs.inc b/program/steps/settings/save_prefs.inc index 140f173..945005d 100644 --- a/program/steps/settings/save_prefs.inc +++ b/program/steps/settings/save_prefs.inc @@ -156,8 +156,8 @@ $a_user_prefs['timezone'] = (string) $a_user_prefs['timezone']; - if (isset($a_user_prefs['refresh_interval']) && !empty($CONFIG['min_refresh_interval'])) { - if ($a_user_prefs['refresh_interval'] > $CONFIG['min_refresh_interval']) { + if (!empty($a_user_prefs['refresh_interval']) && !empty($CONFIG['min_refresh_interval'])) { + if ($a_user_prefs['refresh_interval'] < $CONFIG['min_refresh_interval']) { $a_user_prefs['refresh_interval'] = $CONFIG['min_refresh_interval']; } } -- Gitblit v1.9.1