From 336e0c032cc0f9e9547853f814ebffdfd00c5e2d Mon Sep 17 00:00:00 2001
From: cassio <cassiopc@gmail.com>
Date: Fri, 2 Nov 2018 18:08:02 +0100
Subject: post instead of get

---
 src/admin/report/header.php  | 2 +-
 src/admin/report/webcast.php | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/admin/report')

diff --git a/src/admin/report/header.php b/src/admin/report/header.php
index 50c36af..77e524a 100644
--- a/src/admin/report/header.php
+++ b/src/admin/report/header.php
@@ -30,7 +30,7 @@ require_once($locr . "/globals.php");
 require_once($locr."/db.php");
 require_once($locr."/freport.php");
 
-if(isset($_GET['webcastcode']) && ctype_alnum($_GET['webcastcode'])) {
+if(isset($_POST['webcastcode']) && ctype_alnum($_POST['webcastcode'])) {
   header ("Content-transfer-encoding: binary\n");
   header ("Content-type: application/force-download");
   ob_end_flush();
diff --git a/src/admin/report/webcast.php b/src/admin/report/webcast.php
index 54ec4b8..a6aaceb 100644
--- a/src/admin/report/webcast.php
+++ b/src/admin/report/webcast.php
@@ -17,8 +17,8 @@
 ////////////////////////////////////////////////////////////////////////////////
 
 require('header.php');
-if(!isset($_GET['webcastcode']) || !ctype_alnum($_GET['webcastcode'])) exit;
-$webcastcode=$_GET['webcastcode'];
+if(!isset($_POST['webcastcode']) || !ctype_alnum($_POST['webcastcode'])) exit;
+$webcastcode=$_POST['webcastcode'];
 
 $ds = DIRECTORY_SEPARATOR;
 if($ds=="") $ds = "/";
@@ -69,7 +69,7 @@ $ct = DBContestInfo($contest);
 if(($st =  DBSiteInfo($contest, $site)) == null)
 	ForceLoad("../index.php");
 
-if(isset($_GET['full']) && $_GET['full'] > 0)
+if(isset($_POST['full']) && $_POST['full'] > 0)
   $freezeTime = $st['siteduration'];
 else
   $freezeTime = $st['sitelastmilescore'];
-- 
cgit v1.2.3