SQL injection problem

DBRisinajumi · Jan 4, 2015 · b5767f2 · b5767f2
1 parent b5101d2
commit b5767f2
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/controllers/D2filesController.php b/controllers/D2filesController.php
@@ -114,15 +114,15 @@ public function actionUpload($model_name, $model_id) {
         //if (!Yii::app()->user->checkAccess($model_name . '.uploadD2File')) {
         D2files::extendedCheckAccess($model_name . '.uploadD2File');
 
-        if (!$this->performReadValidation($model_name, $model_id)) {
+        if (!$this->performReadValidation($model_name, (int)$model_id)) {
             throw new CHttpException(403, Yii::t("D2filesModule.model","You are not authorized to perform this action."));
         }
 
         Yii::import("vendor.dbrisinajumi.d2files.compnents.*");
         $oUploadHandler = new UploadHandlerD2files(
                         array(
                             'model_name' => $model_name,
-                            'model_id' => $model_id,
+                            'model_id' => (int)$model_id,
                         )
         );
 
@@ -175,7 +175,7 @@ public function actionDownloadFile($id) {
         $oUploadHandler = new UploadHandlerD2files(
                         array(
                             'model_name' => $model->model,
-                            'model_id' => $id,
+                            'model_id' => (int)$id,
                             'download_via_php' => TRUE,
                             'file_name' => $model->file_name,
                         )