Commit a94d17ab authored by Leigh B. Stoller

Reg check the argument before sending to mysql. Sheesh!

parent e4ecd643
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group. # Copyright (c) 2000-2004 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -19,6 +19,9 @@ if (!isset($idx) || ...@@ -19,6 +19,9 @@ if (!isset($idx) ||
strcmp($idx, "") == 0) { strcmp($idx, "") == 0) {
USERERROR("You must provide an ID.", 1); USERERROR("You must provide an ID.", 1);
} }
if (!preg_match("/^\d+$/", $idx)) {
PAGEARGERROR("Invalid ID argument.");
}
# #
# Get the thumb from the DB. # Get the thumb from the DB.
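Review bot: the `$` anchor in the added `preg_match("/^\d+$/", $idx)` line also matches just before a trailing newline in PCRE, so an `$idx` made of digits followed by a newline passes the check and still reaches the database code below. Anchor the end with `\z` or add the `D` modifier, for example `preg_match('/^\d+\z/', $idx)`. Single quotes are also preferable here, since the double-quoted form relies on PHP leaving the unrecognized `\d` escape untouched.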
......