From 78dd2103fe9e5fa41fcbf7c18376b6e500bd5126 Mon Sep 17 00:00:00 2001
From: Pradeep Nayak <pradpnayak@gmail.com>
Date: Wed, 26 Aug 2015 02:15:58 +0530
Subject: [PATCH] --CRM-16906, applied Joe's commit
 https://github.com/civicrm/civicrm-core/commit/663893bd24126e3c9e89e0f66195805bb71b7a50

---
 CRM/Campaign/BAO/Petition.php | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/CRM/Campaign/BAO/Petition.php b/CRM/Campaign/BAO/Petition.php
index bb952463e1..55f411550c 100644
--- a/CRM/Campaign/BAO/Petition.php
+++ b/CRM/Campaign/BAO/Petition.php
@@ -267,15 +267,21 @@ AND         tag_id = ( SELECT id FROM civicrm_tag WHERE name = %2 )";
       2 => array($tag_name, 'String'),
     );
     CRM_Core_DAO::executeQuery($sql, $params);
-
-    // set permanent cookie to indicate this users email address now confirmed
-    setcookie("confirmed_{$petition_id}",
-      $activity_id,
-      time() + $this->cookieExpire,
-      '/'
-    );
-
-    return TRUE;
+    // validate arguments to setcookie are numeric to prevent header manipulation
+    if (isset($petition_id) && is_numeric($petition_id)
+      && isset($activity_id) && is_numeric($activity_id)) {
+      // set permanent cookie to indicate this users email address now confirmed
+      setcookie("confirmed_{$petition_id}",
+        $activity_id,
+        time() + $this->cookieExpire,
+        '/'
+      );
+      return TRUE;
+    }
+    else {
+      // TODO: raise an error?
+      return FALSE;
+    }
   }
 
   /**
-- 
2.25.1