Browse Source

api/getArticle: validate id list

Andrew Dolgov 9 years ago
parent
commit
823da71a10
1 changed files with 1 additions and 1 deletions
  1. 1 1
      api/index.php

+ 1 - 1
api/index.php

@@ -274,7 +274,7 @@
 
 		case "getArticle":
 
-			$article_id = db_escape_string($_REQUEST["article_id"]);
+			$article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric));
 
 			$query = "SELECT id,title,link,content,feed_id,comments,int_id,
 				marked,unread,published,