api/updateArticle: validate article_ids parameter (refs #375)

This commit is contained in:
Andrew Dolgov 2011-11-05 15:00:30 +04:00
parent e894e97f49
commit 52ebaf93e9

View file

@ -207,7 +207,7 @@
break;
case "updateArticle":
$article_ids = split(",", db_escape_string($_REQUEST["article_ids"]));
$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
$mode = (int) db_escape_string($_REQUEST["mode"]);
$field_raw = (int)db_escape_string($_REQUEST["field"]);