
Commit 5cadf9c

author
DavidJClark
committed
Update due to SQL injection exploit
1 parent fee04fa commit 5cadf9c


2 files changed

+6
-2
lines changed


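--- a/core/common/PopUpNewsData.class.php
+++ b/core/common/PopUpNewsData.class.php
@@ -15,14 +15,14 @@ public function popupnewsitem($id)
 {
 $query = 'SELECT *
 FROM ' . TABLE_PREFIX .'news
-WHERE id=' . $id . ' ';
+WHERE id=' . DB::escape($id) . ' ';
 
 return DB::get_row($query);
 }
 
 public function get_news_list($howmany) {
 $sql = 'SELECT id, subject, body, postedby, UNIX_TIMESTAMP(postdate) AS postdate
-FROM ' . TABLE_PREFIX .'news ORDER BY postdate DESC LIMIT '.$howmany;
+FROM ' . TABLE_PREFIX .'news ORDER BY postdate DESC LIMIT '.DB::escape($howmany);
 
 return DB::get_results($sql);
 }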
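Review bot: DB::escape() is not a sufficient guard for the `WHERE id=` and `LIMIT` clauses on new lines 18 and 25, because both values are concatenated into the SQL unquoted. An escaping routine (presumably of the mysql_real_escape_string kind; its implementation is not visible here) neutralises quote and backslash characters, but an injection payload for an unquoted numeric position such as `1 OR 1=1` contains none of those and passes through unchanged. Both values are integers by contract, so cast instead of escaping: `WHERE id=' . (int) $id . ' ';` and `LIMIT ' . (int) $howmany;`, which also removes the dependency on the caller having validated the input. If the DB layer offers prepared statements with bound parameters, moving these two queries onto them is the durable fix.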

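--- a/core/modules/PopUpNews/PopUpNews.php
+++ b/core/modules/PopUpNews/PopUpNews.php
@@ -13,6 +13,8 @@ class PopUpNews extends CodonModule
 {
 public function popupnewsitem($id) {
 
+if(!is_numeric($id)){header('Location: '.url('/'));}
+
 $result = PopUpNewsData::popupnewsitem($id);
 Template::Set('item', $result);
 Template::Show('popupnews/popupnews_item.tpl');
@@ -21,6 +23,8 @@ public function popupnewsitem($id) {
 
 public function PopUpNewsList($howmany = 5)
 {
+if(!is_numeric($id)){exit;}
+
 $res = PopUpNewsData::get_news_list($howmany);
 
 if(!$res)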