api/updateArticle: validate article_ids parameter (refs #375)

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Sat, 5 Nov 2011 11:00:30 +0000 (15:00 +0400)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Sat, 5 Nov 2011 11:00:30 +0000 (15:00 +0400)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Sat, 5 Nov 2011 11:00:30 +0000 (15:00 +0400)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Sat, 5 Nov 2011 11:00:30 +0000 (15:00 +0400)
diff --git a/api/index.php b/api/index.php

index 737ce8abfbbe4b10d5455cac14506af0808f9994..633b11a755a0e7bfd34312d8a403ce5f25e7ecf5 100644 (file)
--- a/api/index.php
+++ b/api/index.php
@@ -207,7 +207,7 @@
                         break;
  
                 case "updateArticle":
-                       $article_ids = split(",", db_escape_string($_REQUEST["article_ids"]));
+                       $article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
                         $mode = (int) db_escape_string($_REQUEST["mode"]);
                         $field_raw = (int)db_escape_string($_REQUEST["field"]);
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Sat, 5 Nov 2011 11:00:30 +0000 (15:00 +0400)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Sat, 5 Nov 2011 11:00:30 +0000 (15:00 +0400)