All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 78007318 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Sanity check $single argument before using in DB query.

parent 9cb659c5
......@@ -247,6 +247,7 @@ if ($isadmin) {
# Allow users to view a single message
$which_msgid_clause = "1"; # MySQL will optimize this out
if (isset($single)) {
$single = addslashes($single);
$which_msgid_clause = "msgid='$single'";
$show_archive_clause = 1;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment