projects / civicrm-core.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
security/core#14 Validate "context" inputs
[civicrm-core.git] / CRM / Contact / Form / Task / Delete.php
diff --git a/CRM/Contact/Form/Task/Delete.php b/CRM/Contact/Form/Task/Delete.php
index bc50f684dac23a4317de9461764ea506c10e0c8a..a05322ab6b99d09bb5672a94f645306364b809c7 100644 (file)
--- a/CRM/Contact/Form/Task/Delete.php
+++ b/CRM/Contact/Form/Task/Delete.php
@@ -150,7 +150,7 @@ class CRM_Contact_Form_Task_Delete extends CRM_Contact_Form_Task {
 
     if ($this->_single) {
       // also fix the user context stack in case the user hits cancel
-      $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'basic');
+      $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'basic');
       if ($context == 'search' && CRM_Utils_Rule::qfKey($this->_searchKey)) {
         $urlParams = "&context=$context&key=$this->_searchKey";
       }
@@ -200,7 +200,7 @@ class CRM_Contact_Form_Task_Delete extends CRM_Contact_Form_Task {
     $session = CRM_Core_Session::singleton();
     $currentUserId = $session->get('userID');
 
-    $context = CRM_Utils_Request::retrieve('context', 'String', $this, FALSE, 'basic');
+    $context = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'basic');
     $urlParams = 'force=1';
     $urlString = "civicrm/contact/search/$context";