fixing several SQL injections
[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / set_bookmark_category.inc
index 159a0859ff08f528f8ffcf522fa24618d524c0b3..26bb1ea9819615222696b54180a707abfe43aad2 100644 (file)
@@ -4,7 +4,12 @@
 function set_bookmark_category() {
        global $node,$db,$error;
        $bookmarks=$_POST['bookmarks_chosen'];
-       $category_id=$_POST['bookmark_category_id'];
+
+       if (isset($_POST['bookmark_category_id']) && 
+               is_numeric($_POST['bookmark_category_id'])) {
+               $category_id=$_POST['bookmark_category_id'];
+       }
+
        $new_parent=nodes::getNodeById($category_id,$_SESSION['user_id']);
        $new_parent_permissions=permissions::checkPermissions($new_parent);
 
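Review bot: The new guard on `bookmark_category_id` has no failure path, so when the value is missing or non-numeric `$category_id` is never assigned and `nodes::getNodeById($category_id, ...)` is still reached with an undefined variable. An `else` branch that sets `$error` and returns, e.g. `} else { $error = 'invalid bookmark category'; return false; }`, would make the rejection explicit instead of relying on the lookup to fail. `is_numeric()` also accepts floats, exponents and leading whitespace (`"1.5"`, `"1e3"`); since this is an id, `filter_var($_POST['bookmark_category_id'], FILTER_VALIDATE_INT)` or `ctype_digit()` is the tighter check. `$bookmarks` is taken from `$_POST['bookmarks_chosen']` on the line above with no array check, so a non-array value will reach the `foreach` further down; the rest of set_bookmark_category continues outside the hunk.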
@@ -20,6 +25,11 @@ function set_bookmark_category() {
        foreach ($bookmarks as $chosen_id) {
 
                unset($chosen);
+               if (!is_numeric($chosen_id)) 
+               {
+                       $error=$error_messages['What a strange number..'];      
+                       return false;
+               }
 
                 $db->query("start transaction");
 
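Review bot: `$error_messages` is read at the new `$error=$error_messages['What a strange number..'];` line, but the function's `global` statement shown in the first hunk only declares `$node, $db, $error`, so unless it is added between the hunks this indexes an undefined local and `$error` ends up `null` with no message to the user. The check also runs inside the loop after earlier iterations have already been processed, so one bad id aborts midway through the batch; validating every entry of `$bookmarks` before the `foreach` avoids the partial update. As in the first hunk, `is_numeric()` is looser than an id check warrants, `ctype_digit((string) $chosen_id)` or `FILTER_VALIDATE_INT` rejects floats and exponent forms. The added lines carry trailing whitespace and put the opening brace on its own line, which differs from the surrounding style. The loop body continues outside the hunk.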