fix XSS

author: Ivan Kohler <ivan@freeside.biz> 2012-11-11 22:34:20 -0800
committer: Ivan Kohler <ivan@freeside.biz> 2012-11-11 22:34:20 -0800
commit: 4ee7d66497689819f80f29795b93f0ba564141e7 (patch)
tree: 3ae2bcf04a7a4a04f51491261441c3ddd3f03326 /FS/FS/ClientAPI
parent: b2101823682f3738f5b367d2c1f2a7c6d47cdad1 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 3f7c00432..d07b3834e 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -2037,6 +2037,9 @@ sub _usage_details {
     $p->{ending}    = $end;
   }
 
+  die "illegal beginning" if $beginning !~ /^\d*$/;
+  die "illegal ending"    if $ending    !~ /^\d*$/;
+
   my (@usage) = &$callback($svc_x, $p->{beginning}, $p->{ending}, 
     %callback_opt
   );
author	Ivan Kohler <ivan@freeside.biz>	2012-11-11 22:34:20 -0800
committer	Ivan Kohler <ivan@freeside.biz>	2012-11-11 22:34:20 -0800
commit	4ee7d66497689819f80f29795b93f0ba564141e7 (patch)
tree	3ae2bcf04a7a4a04f51491261441c3ddd3f03326 /FS/FS/ClientAPI
parent	b2101823682f3738f5b367d2c1f2a7c6d47cdad1 (diff)