From: Andrew Dolgov Date: Sat, 5 Nov 2011 11:00:30 +0000 (+0400) Subject: api/updateArticle: validate article_ids parameter (refs #375) X-Git-Tag: 1.5.7~49 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=52ebaf93e9074ce337c1afeaa93f611735e48d2b;p=tt-rss.git api/updateArticle: validate article_ids parameter (refs #375)
---
diff --git a/api/index.php b/api/index.php
index 737ce8ab..633b11a7 100644
--- a/api/index.php
+++ b/api/index.php
@@ -207,7 +207,7 @@
 break;
 case "updateArticle":
- $article_ids = split(",", db_escape_string($_REQUEST["article_ids"]));
+ $article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
 $mode = (int) db_escape_string($_REQUEST["mode"]);
 $field_raw = (int)db_escape_string($_REQUEST["field"]);
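Review bot: The callback on the added `array_filter(...)` line is the bare word `is_numeric`, which PHP resolves as an undefined constant (a notice on older versions, an error on PHP 8), and `is_numeric` also accepts values that are not integer ids, such as `1e5`, `-1`, `1.5` or a string with leading whitespace. Quoting the callback and tightening it to digits only would make the filter match what an id list should contain: `$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), 'ctype_digit');`. The `updateArticle` case continues outside the hunk, so how `$article_ids` is used is not visible; if it is joined into an SQL `IN (...)` list, a request where every id is rejected leaves the array empty and presumably needs an early return before the query is built.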