diff options
| author | Andrew Dolgov <[email protected]> | 2011-11-07 10:18:24 +0400 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2011-11-07 10:18:24 +0400 |
| commit | 823da71a1036e20d3e34de3aa1930026d0b6c8c5 (patch) | |
| tree | 4cf7d358ca50ba47bfbd615b08377dd45bcfd60a /api | |
| parent | edfab7bd7f9adde267aed954a4d3239b8a62c815 (diff) | |
api/getArticle: validate id list
Diffstat (limited to 'api')
| -rw-r--r-- | api/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/api/index.php b/api/index.php index 633b11a75..f6e1cb79f 100644 --- a/api/index.php +++ b/api/index.php @@ -274,7 +274,7 @@ case "getArticle": - $article_id = db_escape_string($_REQUEST["article_id"]); + $article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric)); $query = "SELECT id,title,link,content,feed_id,comments,int_id, marked,unread,published, |