Commit 0e9e9ebc authored by Jonathon Duerig's avatar Jonathon Duerig

Verify that announcement id is an integer before using it.

parent 705c5dbd
......@@ -24,6 +24,7 @@
chdir("..");
include_once("webtask.php");
include_once("geni_defs.php");
include_once("dbcheck.php3");
chdir("apt");
include_once("profile_defs.php");
include_once("instance_defs.php");
......@@ -37,7 +38,9 @@ function Do_Dismiss()
$uid_idx = $this_user->uid_idx();
$aid = $ajax_args['aid'];
$dblink = DBConnect("tbdb");
DBQueryWarn('update apt_announcement_info set dismissed=1 where aid="'.$aid.'" and uid_idx="'.$uid_idx.'"', $dblink);
if (TBvalid_integer($aid)) {
DBQueryWarn('update apt_announcement_info set dismissed=1 where aid="'.$aid.'" and uid_idx="'.$uid_idx.'"', $dblink);
}
}
#
......@@ -49,5 +52,7 @@ function Do_Click()
$uid_idx = $this_user->uid_idx();
$aid = $ajax_args['aid'];
$dblink = DBConnect("tbdb");
DBQueryWarn('update apt_announcement_info set clicked=1 where aid="'.$aid.'" and uid_idx="'.$uid_idx.'"', $dblink);
if (TBvalid_integer($aid)) {
DBQueryWarn('update apt_announcement_info set clicked=1 where aid="'.$aid.'" and uid_idx="'.$uid_idx.'"', $dblink);
}
}
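Review bot: When `TBvalid_integer($aid)` fails, Do_Click (and Do_Dismiss in the earlier hunk) now returns silently, so a malformed or missing `aid` produces no error to the AJAX caller and no log entry; an invalid id is a client bug or a probe, and either way the handler should report it rather than look like a successful no-op. A guard clause that sends the file's usual AJAX error response and then returns, e.g. `if (!TBvalid_integer($aid)) { /* report invalid aid to caller */ return; }`, keeps the update unreachable for bad input while making the rejection visible. `$ajax_args['aid']` is also read without an isset check, so a request lacking the key raises an undefined-index notice before validation runs. `$uid_idx` remains interpolated into the query unescaped; it appears to come from the server-side `$this_user` object rather than the request, so this is presumably safe, but it is worth confirming. Both functions begin above their hunks.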