From 4c68cf7b2195a91cf610586a2dd7c5aa8aa0502e Mon Sep 17 00:00:00 2001 From: sunil Date: Fri, 31 Jul 2015 16:27:53 +0530 Subject: [PATCH] security fix --- CRM/Contact/Page/AJAX.php | 2 +- CRM/Core/Error.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php index b2d2ed0c07..5c6589f34a 100644 --- a/CRM/Contact/Page/AJAX.php +++ b/CRM/Contact/Page/AJAX.php @@ -336,7 +336,7 @@ class CRM_Contact_Page_AJAX { } $config = CRM_Core_Config::singleton(); - $username = trim(CRM_Utils_Type::escape($_REQUEST['cms_name'], 'String')); + $username = trim(CRM_Utils_Array::value('cms_name', $_REQUEST)); $params = array('name' => $username); diff --git a/CRM/Core/Error.php b/CRM/Core/Error.php index 49bfe0b137..b5fe44a2c9 100644 --- a/CRM/Core/Error.php +++ b/CRM/Core/Error.php @@ -335,7 +335,7 @@ class CRM_Core_Error extends PEAR_ErrorStack { if (php_sapi_name() == "cli") { print ("Sorry. A non-recoverable error has occurred.\n$message \n$code\n$email\n\n"); // Fix for CRM-16899 - //debug_print_backtrace(); + echo static::formatBacktrace(debug_backtrace()); die("\n"); // FIXME: Why doesn't this call abend()? // Difference: abend() will cleanup transaction and (via civiExit) store session state -- 2.25.1