From cd129064288dd23aa99e22adefe3c1900cf912d7 Mon Sep 17 00:00:00 2001
From: x2004laborde
Date: Thu, 12 Apr 2007 17:32:56 +0000
Subject: [PATCH] some protection

git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1692 839d8a87-29fc-0310-9880-83ba4fa771e5
---
 modules/survey.php | 4 ++++
 modules/survey/survey.inc.php | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/modules/survey.php b/modules/survey.php
index 70dad6a..bf9bb4a 100644
--- a/modules/survey.php
+++ b/modules/survey.php
@@ -131,6 +131,7 @@ class SurveyModule extends PLModule
 $page->assign('survey_old', Survey::retrieveList('o'));
 $page->assign('survey_modes', Survey::getModes(false));
 } else {
+ $id = intval($id);
 $survey = Survey::retrieveSurvey($id); // retrieves all survey object structure
 if ($survey == null) {
 $this->show_error($page, "Sondage ".$id." introuvable.", 'admin');
@@ -147,6 +148,7 @@ class SurveyModule extends PLModule
 if ($id == -1) {
 return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'admin');
 }
+ $id = intval($id);
 require_once dirname(__FILE__).'/survey/survey.inc.php';
 $survey = Survey::retrieveSurvey($id); // retrieves the survey in database
 $this->clear_session(); // cleans session (in case there would have been a problem before)
@@ -166,6 +168,7 @@ class SurveyModule extends PLModule
 if ($id == -1) {
 return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'admin');
 }
+ $id = intval($id);
 require_once dirname(__FILE__).'/survey/survey.inc.php';
 $surveyInfo = Survey::retrieveSurveyInfo($id); // retrieves information about the survey (does not retrieve and unserialize the object structure)
 if ($surveyInfo == null) {
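Review bot: The `$id = intval($id);` added in the `else` branch of the first hunk (and repeated in the three hunks after it) protects this call site only, not `Survey::retrieveSurvey()` / `Survey::retrieveSurveyInfo()` themselves, so any caller the patch does not touch still passes them whatever value it received. Those methods are outside the diff, so it cannot be confirmed from here whether they bind the id as a query parameter. If they build the query from the argument, the cast belongs at the top of each of them as well, `$id = intval($id);`, with the call-site cast kept because `$id` is also concatenated into the "Sondage ... introuvable." message. A short comment on the added line would record that intent, e.g. `// force integer: $id goes into the lookup and into the error message`. The enclosing handler starts and ends outside the hunk.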
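Review bot: The sentinel test `if ($id == -1)` still runs on the raw value, before the new `$id = intval($id);`, in the hunk at -147 and again in the hunks at -166 and -194, so the "identifier required" check and the lookup operate on different values. Depending on the PHP version's loose-comparison rules, a string that does not compare equal to -1 can still cast to -1 and slip past the check into `retrieveSurvey()` / `retrieveSurveyInfo()`. Casting first and comparing strictly keeps both on the same integer: `$id = intval($id);` followed by `if ($id === -1) {`. The handler bodies continue outside these hunks.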
@@ -194,6 +197,7 @@ class SurveyModule extends PLModule
 if ($id == -1) {
 return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'admin');
 }
+ $id = intval($id);
 require_once dirname(__FILE__).'/survey/survey.inc.php';
 $surveyInfo = Survey::retrieveSurveyInfo($id); // retrieves information about the survey (does not retrieve and unserialize the object structure)
 if ($surveyInfo == null) {
diff --git a/modules/survey/survey.inc.php b/modules/survey/survey.inc.php
index 27b11db..168a226 100644
--- a/modules/survey/survey.inc.php
+++ b/modules/survey/survey.inc.php
@@ -265,6 +265,7 @@ class Survey
 // {{{ questions manipulation functions
 public function addQuestion($i, $c)
 {
+ $i = intval($i);
 if ($this->valid || $i > count($this->questions)) {
 return false;
 } else {
@@ -275,6 +276,7 @@ class Survey

 public function delQuestion($i)
 {
+ $i = intval($i);
 if ($this->valid || !array_key_exists($i, $this->questions)) {
 return false;
 } else {
-- 
2.1.4
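Review bot: After `$i = intval($i);` the guard in `addQuestion()` has only an upper bound, so a negative index passes `$i > count($this->questions)` and reaches the `else` branch. That branch is outside the hunk, so what a negative position does to `$this->questions` cannot be seen from here. Rejecting it in the guard costs nothing: `if ($this->valid || $i < 0 || $i > count($this->questions)) {`.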
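Review bot: `intval()` in `delQuestion()` coerces any non-numeric argument to 0, so a malformed index passes `array_key_exists($i, $this->questions)` whenever question 0 exists and falls through to the `else` branch (outside the hunk, presumably the deletion) instead of being refused. The same coercion applies to `addQuestion()` in the previous hunk. Validating rather than coercing keeps the existing `return false` path for bad input: `$i = filter_var($i, FILTER_VALIDATE_INT);` followed by `if ($i === false || $this->valid || !array_key_exists($i, $this->questions)) {`.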