Get the IDs from $_REQUEST and check if they are numeric.

2004-03-15 20:39:12 +00:00
parent 6d3aa59508
commit 1c7384ae38
2 changed files with 17 additions and 0 deletions
--- a/appbrowse.php
+++ b/appbrowse.php
@@ -22,9 +22,17 @@ function admin_menu()
    $m->done();
 }

+$catId = $_REQUEST['catId'];
+
 if(!$catId)
    $catId = 0; // ROOT

+if( !is_numeric($catId) )
+{
+	errorpage("Something went wrong with the category ID");
+	exit;
+}
+
 // list sub categories
 $cat = new Category($catId);
 $catFullPath = make_cat_path($cat->getCategoryPath());