From 52ebaf93e9074ce337c1afeaa93f611735e48d2b Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sat, 5 Nov 2011 15:00:30 +0400
Subject: [PATCH] api/updateArticle: validate article_ids parameter (refs #375)
---
 api/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/index.php b/api/index.php
index 737ce8ab..633b11a7 100644
--- a/api/index.php
+++ b/api/index.php
@@ -207,7 +207,7 @@
 break;
 case "updateArticle":
- $article_ids = split(",", db_escape_string($_REQUEST["article_ids"]));
+ $article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
 $mode = (int) db_escape_string($_REQUEST["mode"]);
 $field_raw = (int)db_escape_string($_REQUEST["field"]);
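Review bot: The callback in the added `array_filter` line is the bare identifier `is_numeric`, not the string `'is_numeric'`, so PHP treats it as an undefined constant and the filter only works through the "assumed 'is_numeric'" notice fallback (which later PHP versions turn into a fatal Error); it should be quoted: `$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), 'is_numeric');`. Even with that fixed, `is_numeric` also accepts floats, exponent forms and leading whitespace, so the surviving values are not guaranteed to be integer ids before they reach whatever query the rest of this case builds; casting each element, e.g. `$article_ids = array_map('intval', array_filter(explode(",", $_REQUEST["article_ids"]), 'is_numeric'));`, pins them to integers and makes the `db_escape_string` call on the raw list unnecessary. Note that `array_filter` keeps the original keys, which matters if later code indexes the array positionally. The enclosing `switch` starts before this hunk and the `case "updateArticle":` body continues past it.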