Changeset 1535


Timestamp:
Aug 14, 2006, 10:56:10 PM (18 years ago)
Author:
nikrou
Message:

fix bug 518: anyone can delete or validate a comment
comment_id must be an int: intval() is applied to it before it is used in the query.

File:
1 edited

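--- a/branches/branch-1_6/comments.php
+++ b/branches/branch-1_6/comments.php
@@ -149,6 +149,7 @@
 // +-----------------------------------------------------------------------+
 // comments deletion
-if (isset($_POST['delete']) and count($_POST['comment_id']) > 0)
-{
+if (isset($_POST['delete']) and count($_POST['comment_id']) > 0 and is_admin())
+{
+  $_POST['comment_id'] = array_map('intval', $_POST['comment_id']);
   $query = '
 DELETE FROM '.COMMENTS_TABLE.'
@@ -158,6 +159,8 @@
 }
 // comments validation
-if (isset($_POST['validate']) and count($_POST['comment_id']) > 0)
-{
+if (isset($_POST['validate']) and count($_POST['comment_id']) > 0
+   and is_admin())
+{
+  $_POST['comment_id'] = array_map('intval', $_POST['comment_id']);
   $query = '
 UPDATE '.COMMENTS_TABLE.'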
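Review bot: In both new conditions, `count($_POST['comment_id'])` and then `array_map('intval', …)` run without any check that `comment_id` is present and is an array, so a request with `delete` (or `validate`) set and `comment_id` missing or sent as a plain string reaches `array_map()` on a non-array, which emits a warning and returns a non-array that the query on the following lines is then built from. Putting `is_admin()` first and guarding the shape of the input closes this: `if (isset($_POST['delete']) and is_admin() and isset($_POST['comment_id']) and is_array($_POST['comment_id']) and count($_POST['comment_id']) > 0)`, with the same rewrite for the validation branch. As a point of style, writing the sanitized ids back into `$_POST` hides the fact that the value has changed; a local such as `$comment_ids = array_map('intval', $_POST['comment_id']);` used by the query reads more clearly. Both statements, including the `DELETE` and `UPDATE` query strings that consume the ids, continue past the end of this section, so whether the query quotes or otherwise escapes the ids cannot be confirmed from here.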