diff options
| author | Andrew Dolgov <[email protected]> | 2011-11-05 15:00:30 +0400 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2011-11-05 15:00:30 +0400 |
| commit | 52ebaf93e9074ce337c1afeaa93f611735e48d2b (patch) | |
| tree | 5e1d661af5e02e987ad8d37d0b7561bf551b8566 /api | |
| parent | e894e97f495597584aea2f86e78767910b5f71e6 (diff) | |
api/updateArticle: validate article_ids parameter (refs #375)
Diffstat (limited to 'api')
| -rw-r--r-- | api/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/api/index.php b/api/index.php index 737ce8abf..633b11a75 100644 --- a/api/index.php +++ b/api/index.php @@ -207,7 +207,7 @@ break; case "updateArticle": - $article_ids = split(",", db_escape_string($_REQUEST["article_ids"])); + $article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric); $mode = (int) db_escape_string($_REQUEST["mode"]); $field_raw = (int)db_escape_string($_REQUEST["field"]); |