
add check for products_id (issue #89)

1 parent e1196da commit ef00e4d984bb872bde063208391c97cdbda3d36a @haraldpdl haraldpdl committed Nov 7, 2010
Showing with 4 additions and 0 deletions.
  1. +4 −0 catalog/product_reviews.php
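--- a/catalog/product_reviews.php
+++ b/catalog/product_reviews.php
@@ -12,6 +12,10 @@
 require('includes/application_top.php');
+ if (!isset($HTTP_GET_VARS['products_id']) || !is_numeric($HTTP_GET_VARS['products_id'])) {
+ tep_redirect(tep_href_link(FILENAME_REVIEWS));
+ }
+
 $product_info_query = tep_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "'");
 if (!tep_db_num_rows($product_info_query)) {
 tep_redirect(tep_href_link(FILENAME_REVIEWS));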
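Review bot: `is_numeric()` in the added guard is looser than the `(int)` cast the query relies on: values such as `1.5` or `1e3` pass the check and are then truncated or reinterpreted by the cast, so the guard and the query can disagree about which product was requested. The cast already keeps the value out of the SQL string, so this is an input-validation gap rather than an injection path. Testing for plain digits instead, `!ctype_digit((string)$HTTP_GET_VARS['products_id'])`, and normalising once with `$HTTP_GET_VARS['products_id'] = (int)$HTTP_GET_VARS['products_id'];` right after the guard would keep any later use of the raw value consistent; the rest of the script lies outside this hunk, so whether such uses exist cannot be confirmed here. A one-line comment above the guard, `// reject missing or non-numeric products_id before it reaches the query (issue #89)`, would record why it exists.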
