From a94d17ab2310a0129ee5845f064d585a4d3e2474 Mon Sep 17 00:00:00 2001
From: "Leigh B. Stoller" <stoller@flux.utah.edu>
Date: Thu, 21 Oct 2004 10:52:23 +0000
Subject: [PATCH] Reg check the argument before sending to mysql. Sheesh!

---
 www/showthumb.php3 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/www/showthumb.php3 b/www/showthumb.php3
index 895981f307..ac5bd90d00 100644
--- a/www/showthumb.php3
+++ b/www/showthumb.php3
@@ -1,7 +1,7 @@
 <?php
 #
 # EMULAB-COPYRIGHT
-# Copyright (c) 2000-2003 University of Utah and the Flux Group.
+# Copyright (c) 2000-2004 University of Utah and the Flux Group.
 # All rights reserved.
 #
 include("defs.php3");
@@ -19,6 +19,9 @@ if (!isset($idx) ||
     strcmp($idx, "") == 0) {
     USERERROR("You must provide an ID.", 1);
 }
+if (!preg_match("/^\d+$/", $idx)) {
+    PAGEARGERROR("Invalid ID argument.");
+}
 
 #
 # Get the thumb from the DB. 
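Review bot: The `$` anchor in the added `preg_match("/^\d+$/", $idx)` also matches just before a trailing newline, so a value made of digits followed by a line feed still passes the check. Anchor with `\z` or add the `D` modifier so that only digits are accepted: `if (!preg_match('/^\d+\z/', $idx)) {`. The query that consumes `$idx` is outside this hunk, so this is inferred, but if it builds the SQL by string interpolation it would be sturdier to also normalise the value after validation, e.g. `$idx = (int) $idx;`, so the database never depends on the regex alone. The pattern also sets no upper bound on the number of digits, which may be worth capping to the width of the ID column.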
-- 
GitLab