
MDL-15184: fix sql injection vulnerability

gbateson
gbateson committed Jul 1, 2008
1 parent 8fd3d38 commit 4fc304ca828521fc5a4b0f6dab5ccf8aeb9120e4
Showing with 8 additions and 4 deletions.
  1. +8 −4 mod/hotpot/report.php
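--- a/mod/hotpot/report.php
+++ b/mod/hotpot/report.php
@@ -377,10 +377,14 @@ function hotpot_delete_selected_attempts(&$hotpot, $del) {
 $select = "hotpot='$hotpot->id' AND status=".HOTPOT_STATUS_ABANDONED;
 break;
 case 'selection':
- $ids = (array)data_submitted();
- unset($ids['del']);
- unset($ids['id']);
- if (!empty($ids)) {
+ $ids = array();
+ $data = (array)data_submitted();
+ foreach ($data as $name => $value) {
+ if (preg_match('/^box\d+$/', $name)) {
+ $ids[] = intval($value);
+ }
+ }
+ if (count($ids)) {
 $select = "hotpot='$hotpot->id' AND clickreportid IN (".implode(',', $ids).")";
 }
 break;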
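Review bot: `intval($value)` in the new `foreach` does not reject bad input, it coerces it: a non-numeric value becomes 0 and a non-empty array value becomes 1, and either still ends up in the `clickreportid IN (...)` list. The cast does close the injection, and the `hotpot='$hotpot->id'` term keeps the delete within this activity, but an id the user never ticked can still be selected; keeping only scalar positive integers would tighten it, e.g. `if (is_scalar($value) && ($id = intval($value)) > 0) { $ids[] = $id; }`. A short comment above the loop such as `// only boxNNN checkboxes carry clickreportids; everything else in the POST is ignored` would record why the old unset() approach was replaced. The `switch` and the rest of hotpot_delete_selected_attempts() lie outside this hunk, so whether the caller checks sesskey and the delete capability cannot be confirmed from here.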
