From 5929fcacc288c8151a11bed68af342e866fb0cc2 Mon Sep 17 00:00:00 2001
From: Paul van Schayck
Date: Sat, 29 Jan 2005 00:47:36 +0000
Subject: [PATCH] Use super globals, perform input checking
---
 commentview.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/commentview.php b/commentview.php
index b665430..5b1cf47 100644
--- a/commentview.php
+++ b/commentview.php
@@ -14,7 +14,13 @@ require(BASE."include/"."comments.php");
 apidb_header("Comments");
-view_app_comments($appId, $versionId, $threadId);
+if(!is_numeric($_REQUEST['appId']) OR !is_numeric($_REQUEST['versionId']) OR (isset($_REQUEST['threadId']) AND !is_numeric($_REQUEST['threadId'])))
+{
+ errorpage("Wrong IDs");
+ exit;
+}
+
+view_app_comments($_REQUEST['appId'], $_REQUEST['versionId'], $_REQUEST['threadId']);
 apidb_footer();
 ?>
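Review bot: The added guard uses `is_numeric()`, which accepts more than integer IDs (signed, decimal and exponent forms such as `-1`, `1.5` or `1e3`, and on PHP before 7 also hexadecimal strings), and the raw `$_REQUEST` strings are then handed unchanged to `view_app_comments()`. That function is defined outside this hunk, so how it uses the values is not visible; if it places them in a query, the check should pin them to plain digits and pass integers, e.g. `ctype_digit((string)$_REQUEST['appId'])` in the condition and `view_app_comments((int)$_REQUEST['appId'], (int)$_REQUEST['versionId'], isset($_REQUEST['threadId']) ? (int)$_REQUEST['threadId'] : null);` for the call. The `isset()` form also avoids the undefined-index notice that the new call raises when `threadId` is absent. `$_REQUEST` can include cookie values depending on configuration, so `$_GET` would narrow the source if these IDs only ever arrive in the URL.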