Enano CMS (1.1.x): changeset 900:c5409416b61b

summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help

--- a/index.php	Sun Apr 12 19:24:33 2009 -0400
+++ b/index.php	Sun Apr 12 19:25:07 2009 -0400
@@ -537,9 +537,18 @@
       $template->header();
       $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
       $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
-      if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
-      if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
-         !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
+      if ( !$id1 || !$id2 )
+      {
+        echo '<p>Invalid request.</p>';
+        $template->footer();
+        break;
+      }
+      if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) )
+      {
+        echo '<p>SQL injection attempt</p>';
+        $template->footer();
+        break;
+      }
       echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
       $template->footer();
       break;

author	Dan
	Sun, 12 Apr 2009 19:25:07 -0400
changeset 900	c5409416b61b
parent 899	df88cedf0995
child 901	99ea0b0ac4be