Security fixes. Ensure that numeric values are actually numeric using is_numeric

so users can't login as admin by passing in non-numeric values.
2005-03-23 23:56:38 +00:00
parent d4bde62c23
commit 06ea1b6d3d
6 changed files with 8 additions and 8 deletions
--- a/include/vendor.php
+++ b/include/vendor.php
@@ -18,7 +18,7 @@ class Vendor {
    function Vendor($iVendorId = null)
    {
        // we are working on an existing vendor
-        if($iVendorId)
+        if(is_numeric($iVendorId))
        {
            /*
             * We fetch the data related to this vendor.