
api/updateArticle: validate article_ids parameter (refs #375)

Andrew Dolgov 9 years ago
parent
commit
52ebaf93e9
1 changed files with 1 additions and 1 deletions
  1. 1 1
      api/index.php

+ 1 - 1
api/index.php

@@ -207,7 +207,7 @@
 			break;
 
 		case "updateArticle":
-			$article_ids = split(",", db_escape_string($_REQUEST["article_ids"]));
+			$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
 			$mode = (int) db_escape_string($_REQUEST["mode"]);
 			$field_raw = (int)db_escape_string($_REQUEST["field"]);
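Review bot: On the added `$article_ids` line, `is_numeric` is passed as a bare word instead of a quoted callable, so PHP resolves it as an undefined constant: older versions fall back to the string with a notice, and PHP 8 raises an Error. `is_numeric` is also a loose test for a list of ids, because it accepts signs, decimals and exponent notation such as `-1`, `1.5` or `1e3`; if the list is later interpolated into a SQL `IN (...)` clause (not visible in this hunk), a digits-only check is the safer validator. I would write `$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), 'ctype_digit');` with the comment `// keep only all-digit ids; everything else is dropped`. The code that consumes `$article_ids` should also handle the list being empty after filtering. The `updateArticle` case continues past the end of the hunk, so that consumer cannot be checked from here.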