api/updateArticle: validate article_ids parameter (refs #375)

2025-12-15 05:35:56 +00:00 · 2011-11-05 15:00:30 +04:00
parent e894e97f49
commit 52ebaf93e9
1 changed files with 1 additions and 1 deletions
--- a/api/index.php
+++ b/api/index.php
@@ -207,7 +207,7 @@
 			break;
 		case "updateArticle":
-			$article_ids = split(",", db_escape_string($_REQUEST["article_ids"]));
+			$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
 			$mode = (int) db_escape_string($_REQUEST["mode"]);
 			$field_raw = (int)db_escape_string($_REQUEST["field"]);