Fixes a (potentially not exploitable) SQL injection in ajax/tips.

author Vincent Zanotti <vincent.zanotti@polytechnique.org>

Thu, 3 Jul 2008 21:31:11 +0000 (23:31 +0200)

committer Vincent Zanotti <vincent.zanotti@polytechnique.org>

Thu, 3 Jul 2008 21:31:11 +0000 (23:31 +0200)
author Vincent Zanotti <vincent.zanotti@polytechnique.org>
Thu, 3 Jul 2008 21:31:11 +0000 (23:31 +0200)
committer Vincent Zanotti <vincent.zanotti@polytechnique.org>
Thu, 3 Jul 2008 21:31:11 +0000 (23:31 +0200)
diff --git a/modules/events.php b/modules/events.php

index 75ef0b2..1dda5da 100644 (file)
--- a/modules/events.php
+++ b/modules/events.php
@@ -59,7 +59,7 @@ class EventsModule extends PLModule
                           'special'   => true);
          }
  
-        $exclude  = is_null($exclude) ? '' : ' AND id != ' . $exclude . ' ';
+        $exclude  = is_null($exclude) ? '' : ' AND id != ' . intval($exclude) . ' ';
          $priority = rand(0, 510);
          do {
              $priority = (int)($priority/2);
author	Vincent Zanotti <vincent.zanotti@polytechnique.org>
	Thu, 3 Jul 2008 21:31:11 +0000 (23:31 +0200)
committer	Vincent Zanotti <vincent.zanotti@polytechnique.org>
	Thu, 3 Jul 2008 21:31:11 +0000 (23:31 +0200)