claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security fixes. Ensure that numeric values are actually numeric using is_numeric

Browse Source 
so users can't login as admin by passing in non-numeric values.
This commit is contained in:
Jonathan Ernst
2005-03-23 23:56:38 +00:00
committed by WineHQ
parent d4bde62c23
commit 06ea1b6d3d
6 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/comment.php
View File

@@ -25,7 +25,7 @@ class Comment {
*/
function Comment($iCommentId="")
{
if($iCommentId)
if(is_numeric($iCommentId))
{
$sQuery = "SELECT appComments.*, appVersion.appId AS appId