Skip to content

Commit 57e4409

Browse files
committed
Fix SQL injection in read.php's - thanks, stjohns\!
1 parent 4512e3f commit 57e4409

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

Diff for: read.php

+4-4
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ interface_disp_page($page);
7171
if (User::logged_in()) {
7272
//TODO add searchname instead?
7373
$page->url = add_param($page->url, 'searchnum', $searchnum);
74-
$addtolist = (isset($_POST['addtolist']) ? $_POST['addtolist'] : false);
74+
$addtolist = (isset($_POST['addtolist']) ? (bool)$_POST['addtolist'] : false);
7575
// if person is manipulating which tier this plan is on their autoread list
7676
if (isset($_POST['block_user'])) {
7777
if ($_POST['block_user'] == 1) {
@@ -91,12 +91,12 @@ interface_disp_page($page);
9191
$msg = new InfoText("User " . $planinfo[0][0] . " has been unblocked.");
9292
}
9393
$page->append($msg);
94-
} else if ($addtolist == 1) {
95-
$privlevel = (isset($_POST['privlevel']) ? $_POST['privlevel'] : 0);
94+
} else if ($addtolist) {
95+
$privlevel = (isset($_POST['privlevel']) ? (int)$_POST['privlevel'] : 0);
9696
if ($privlevel == 0) {
9797
mysql_query("DELETE FROM autofinger WHERE owner = '$idcookie' and interest = '$searchnum'");
9898
$yay = new InfoText("User " . $planinfo[0][0] . " removed from your autoread list.");
99-
} else {
99+
} else if ($privlevel > 0 && $privlevel <= 3) {
100100
mysql_query("INSERT INTO autofinger (owner, interest, priority) VALUES ('$idcookie', '$searchnum', '$privlevel') ON DUPLICATE KEY UPDATE priority=$privlevel");
101101
$yay = new InfoText("User " . $planinfo[0][0] . " is now on your autoread list with priority level of " . $privlevel . ".");
102102
}

0 commit comments

Comments
 (0)