From ae3b27acf630b9931dce5a145a3dcf24202bab08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Pfl=C3=BCger?=
Date: Sun, 2 Jan 2005 17:00:04 +0000
Subject: [PATCH] Escape $_POST vars with mysql_real_escape_string() to prevent sql injection attacks.
---
 votestats.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/votestats.php b/votestats.php
index 500dd1a..8b31702 100644
--- a/votestats.php
+++ b/votestats.php
@@ -17,10 +17,14 @@ $categoryId = "any"; /* default to all categories */
 
 /* process the post variables to override the default settings */
 if($_POST) {
- if(isset($_POST['topNumber'])) $topNumber = $_POST['topNumber'];
- if(isset($_POST['categoryId'])) $categoryId = $_POST['categoryId'];
+ if(isset($_POST['topNumber'])) $topNumber = (int)mysql_real_escape_string($_POST['topNumber']);
+ if(isset($_POST['categoryId'])) $categoryId = mysql_real_escape_string($_POST['categoryId']);
 }
 
+/* Check if the value makes sense */
+if(!is_integer($topNumber) || $topNumber > 200 || $topNumber < 1)
+ $topNumber = 25;
+
 apidb_header("Vote Stats - Top $topNumber Applications");
 
 /* display the selection for the top number of apps to view */
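Review bot: The escaping on the two new assignment lines is done at input time, so `$categoryId` is only protected where it is later interpolated inside a quoted SQL string literal, and only if a MySQL connection is already open when this code runs (mysql_real_escape_string() returns false without one); neither fact is visible here, since the hunk ends before the query that consumes the value. For `$topNumber` the `(int)` cast already neutralises injection by itself, so the escape call on that line is redundant and it can simply read `$topNumber = (int)$_POST['topNumber'];`, which also makes the `is_integer()` branch of the new range check always true after a POST. If category ids are numeric, as the name suggests, the same cast-or-whitelist approach (accept `'any'` or an integer) would be a stronger check for `$categoryId` than escaping. Note that an SQL-escaped `$categoryId` is not HTML-safe if it is echoed back into the page later; the default assignments for both variables sit just above the hunk.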