Fix SQL injection in admin_reports.php

Mark Samman 2014-10-29 19:32:48 +01:00
parent 0a82152b97
commit 3c70b55ae3


@ -41,9 +41,9 @@ if (!empty($_POST)) {
$customPoints = getValue($_POST['customPoints']); $customPoints = getValue($_POST['customPoints']);
$reportId = getValue($_POST['id']); $reportId = getValue($_POST['id']);
$changelogReportId = &$_POST['changelogReportId']; $changelogReportId = (int)$_POST['changelogReportId'];
$changelogValue = &$_POST['changelogValue']; $changelogValue = &$_POST['changelogValue'];
$changelogText = &$_POST['changelogText']; $changelogText = getValue($_POST['changelogText']);
$changelogStatus = ($changelogReportId !== false && $changelogValue === '2' && $changelogText !== false) ? true : false; $changelogStatus = ($changelogReportId !== false && $changelogValue === '2' && $changelogText !== false) ? true : false;
if ($customPoints !== false) $price = (int)($price + $customPoints); if ($customPoints !== false) $price = (int)($price + $customPoints);