From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/settings/save_prefs.inc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/steps/settings/save_prefs.inc b/program/steps/settings/save_prefs.inc
index dfb2b13..945005d 100644
--- a/program/steps/settings/save_prefs.inc
+++ b/program/steps/settings/save_prefs.inc
@@ -156,7 +156,7 @@
 
     $a_user_prefs['timezone'] = (string) $a_user_prefs['timezone'];
 
-    if (isset($a_user_prefs['refresh_interval']) && !empty($CONFIG['min_refresh_interval'])) {
+    if (!empty($a_user_prefs['refresh_interval']) && !empty($CONFIG['min_refresh_interval'])) {
       if ($a_user_prefs['refresh_interval'] < $CONFIG['min_refresh_interval']) {
         $a_user_prefs['refresh_interval'] = $CONFIG['min_refresh_interval'];
       }

--
Gitblit v1.9.1