Do not evaluate $_REQUEST superglobal directly in CiviSEPA dashboard

Project60 · Aug 22, 2024 · 0d1de98 · 0d1de98
1 parent 165af16
commit 0d1de98
Showing 1 changed file with 2 additions and 7 deletions.
diff --git a/CRM/Sepa/Page/DashBoard.php b/CRM/Sepa/Page/DashBoard.php
@@ -31,13 +31,8 @@ class CRM_Sepa_Page_DashBoard extends CRM_Core_Page {
   function run() {
     CRM_Utils_System::setTitle(ts('CiviSEPA Dashboard', array('domain' => 'org.project60.sepa')));
     // get requested group status
-    if (isset($_REQUEST['status'])) {
-      if ($_REQUEST['status'] != 'open' && $_REQUEST['status'] != 'closed') {
-        $status = 'open';
-      } else {
-        $status = $_REQUEST['status'];
-      }
-    } else {
+    $status = CRM_Utils_Request::retrieve('status', 'String');
+    if ('open' !== $status && 'closed' !== $status) {
       $status = 'open';
     }