api/getArticle: validate id list

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Mon, 7 Nov 2011 06:18:24 +0000 (10:18 +0400)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Mon, 7 Nov 2011 06:18:24 +0000 (10:18 +0400)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Mon, 7 Nov 2011 06:18:24 +0000 (10:18 +0400)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Mon, 7 Nov 2011 06:18:24 +0000 (10:18 +0400)
diff --git a/api/index.php b/api/index.php

index 633b11a755a0e7bfd34312d8a403ce5f25e7ecf5..f6e1cb79f5abdfc7a258993128173e608d08f66e 100644 (file)
--- a/api/index.php
+++ b/api/index.php
@@ -274,7 +274,7 @@
  
                 case "getArticle":
  
-                       $article_id = db_escape_string($_REQUEST["article_id"]);
+                       $article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric));
  
                         $query = "SELECT id,title,link,content,feed_id,comments,int_id,
                                 marked,unread,published,
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Mon, 7 Nov 2011 06:18:24 +0000 (10:18 +0400)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Mon, 7 Nov 2011 06:18:24 +0000 (10:18 +0400)