Commit 78007318 authored by Leigh B. Stoller

Sanity check $single argument before using in DB query.

parent 9cb659c5
......@@ -247,6 +247,7 @@ if ($isadmin) {
# Allow users to view a single message
$which_msgid_clause = "1"; # MySQL will optimize this out
if (isset($single)) {
$single = addslashes($single);
$which_msgid_clause = "msgid='$single'";
$show_archive_clause = 1;
}
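Review bot: The `$single = addslashes($single);` line escapes the value but does not actually sanity check it, and `addslashes()` is not aware of the connection character set, so it is a weaker guard for the quoted `msgid='$single'` clause than the MySQL client library's own escaping function or a bound parameter. Consider validating `$single` against the expected message-id format first and rejecting the request on a mismatch, then escaping through the database layer. Note also that `$single` is overwritten in place, so any later use of it outside the query (for example, echoing it back into the page) would see the slash-escaped form; a separate variable for the escaped copy would avoid that.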