From 19e24b4fe2905656ea1c8576e00389396ec3a14e Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Thu, 6 Dec 2018 07:08:54 +0300
Subject: force cast profile id to integer when assigning to session variable

---
 classes/rpc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'classes/rpc.php')

diff --git a/classes/rpc.php b/classes/rpc.php
index bd4337fbe..41325d62a 100755
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -8,7 +8,7 @@ class RPC extends Handler_Protected {
 	}
 
 	function setprofile() {
-		$_SESSION["profile"] = clean($_REQUEST["id"]);
+		$_SESSION["profile"] = (int) clean($_REQUEST["id"]);
 
 		// default value
 		if (!$_SESSION["profile"]) $_SESSION["profile"] = null;
-- 
cgit v1.2.3