Update of /cvsroot/php-blog/serendipity
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20570
Modified Files:
exit.php
Log Message:
fixing possible SQL injection
Index: exit.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/exit.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- exit.php 5 Jul 2004 08:25:49 -0000 1.6
+++ exit.php 13 Sep 2004 16:14:02 -0000 1.7
@@ -4,7 +4,7 @@
$url = $serendipity['baseURL'];
-if (isset($_GET['url_id']) && !empty($_GET['url_id']) && isset($_GET['entry_id']) && !empty($_GET['entry_id'])) {
+if (isset($_GET['url_id']) && !empty($_GET['url_id']) && isset($_GET['entry_id']) && !empty($_GET['entry_id']) && is_numeric($_GET['url_id]) && is_numeric($_GET['entry_id'])) {
// See if the submitted link is in our database and should be tracked
$links = serendipity_db_query("SELECT link FROM {$serendipity['dbPrefix']}references WHERE id = {$_GET['url_id']} AND entry_id = {$_GET['entry_id']}", true);
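Review bot: The added condition contains `is_numeric($_GET['url_id])` with the closing quote of the array key missing, so revision 1.7 will not parse as shown; it should read `is_numeric($_GET['url_id'])`. Separately, `is_numeric()` is a loose gate for a value that is spliced into SQL: it accepts decimal and exponent forms such as `1.5` or `1e3` (and hex strings on PHP versions of this era), not only plain integer ids. The query on the next line still interpolates the raw `$_GET` values, so the safety of the statement depends entirely on this distant `if`. Casting once and using the results in the query, e.g. `$url_id = (int)$_GET['url_id']; $entry_id = (int)$_GET['entry_id'];` followed by `WHERE id = {$url_id} AND entry_id = {$entry_id}`, keeps the guarantee next to the SQL string. The body of the `if` continues outside the hunk, so any later use of these parameters is not visible here and should be checked the same way.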