From: Andrew Dolgov Date: Mon, 7 Nov 2011 06:18:24 +0000 (+0400) Subject: api/getArticle: validate id list X-Git-Tag: 1.5.7~47 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=823da71a1036e20d3e34de3aa1930026d0b6c8c5;p=tt-rss.git api/getArticle: validate id list --- diff --git a/api/index.php b/api/index.php index 633b11a7..f6e1cb79 100644 --- a/api/index.php +++ b/api/index.php @@ -274,7 +274,7 @@ case "getArticle": - $article_id = db_escape_string($_REQUEST["article_id"]); + $article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric)); $query = "SELECT id,title,link,content,feed_id,comments,int_id, marked,unread,published,