From 0d1de98a941674977fa0ae9394e9669dc6693d8f Mon Sep 17 00:00:00 2001
From: Jens Schuppe
Date: Thu, 22 Aug 2024 12:49:42 +0200
Subject: [PATCH] Do not evaluate $_REQUEST superglobal directly in CiviSEPA dashboard
---
 CRM/Sepa/Page/DashBoard.php | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/CRM/Sepa/Page/DashBoard.php b/CRM/Sepa/Page/DashBoard.php
index 84a3b073..33f775f1 100644
--- a/CRM/Sepa/Page/DashBoard.php
+++ b/CRM/Sepa/Page/DashBoard.php
@@ -31,13 +31,8 @@ class CRM_Sepa_Page_DashBoard extends CRM_Core_Page {
 function run() {
 CRM_Utils_System::setTitle(ts('CiviSEPA Dashboard', array('domain' => 'org.project60.sepa')));
 // get requested group status
- if (isset($_REQUEST['status'])) {
- if ($_REQUEST['status'] != 'open' && $_REQUEST['status'] != 'closed') {
- $status = 'open';
- } else {
- $status = $_REQUEST['status'];
- }
- } else {
+ $status = CRM_Utils_Request::retrieve('status', 'String');
+ if ('open' !== $status && 'closed' !== $status) {
 $status = 'open';
 }
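Review bot: The two-value comparison that follows `CRM_Utils_Request::retrieve('status', 'String')` is the only thing restricting `$status` to known values, because the `'String'` type does not constrain content, and nothing in the hunk records that this check is the allowlist. A short comment such as `// Allowlist: anything other than 'open' or 'closed', including a missing parameter, falls back to 'open'.` would keep a later edit from loosening it. Writing the test as `if (!in_array($status, array('open', 'closed'), TRUE)) {` would also state the allowlist in one place and make it easier to extend. `run()` continues past the end of the hunk, so how `$status` is used afterwards is not visible here.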