From: Vincent Zanotti Date: Thu, 3 Jul 2008 21:31:11 +0000 (+0200) Subject: Fixes a (potentially not exploitable) SQL injection in ajax/tips. X-Git-Tag: xorg/0.9.17~62 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=73279cf80bdac6acc811dff135f4218a38e9b8da;p=platal.git Fixes a (potentially not exploitable) SQL injection in ajax/tips. Signed-off-by: Vincent Zanotti --- diff --git a/modules/events.php b/modules/events.php index 75ef0b2..1dda5da 100644 --- a/modules/events.php +++ b/modules/events.php @@ -59,7 +59,7 @@ class EventsModule extends PLModule 'special' => true); } - $exclude = is_null($exclude) ? '' : ' AND id != ' . $exclude . ' '; + $exclude = is_null($exclude) ? '' : ' AND id != ' . intval($exclude) . ' '; $priority = rand(0, 510); do { $priority = (int)($priority/2);
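Review bot: In the `$exclude` assignment of the `@@ -59,7 +59,7 @@` hunk in modules/events.php, `intval($exclude)` coerces the value silently instead of rejecting bad input. A non-numeric string becomes 0 and a string like `12abc` becomes 12, so a malformed value still produces a syntactically valid `AND id != 0` or `AND id != 12` clause and the request proceeds as if nothing was wrong. The cast does close the injection, since only an integer can reach the SQL text, but I would validate the value where it enters the function (for example, treat anything that is not a plain integer string as "no exclusion", the same as the `is_null` branch) so that unexpected input is visible rather than rewritten. The fragment is also still built by string concatenation; if the query this clause is appended to goes through a layer that supports bound parameters, passing the id as a parameter would be more robust than relying on a cast at this one site. Finally, the commit message says the issue is "potentially not exploitable" without saying where `$exclude` comes from; a sentence naming the source of the value would help anyone auditing other callers for the same pattern.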