From 2c1930653e9cf5352fd9da6b5f6f45ad4b6a80db Mon Sep 17 00:00:00 2001 From: Carlos Vargas Date: Tue, 5 May 2009 02:42:54 +0200 Subject: [PATCH] [svn r20308] Filter answer ID to avoid nasty security flaw --- main/exercice/answer.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main/exercice/answer.class.php b/main/exercice/answer.class.php index a1e7212f00..dae9054228 100644 --- a/main/exercice/answer.class.php +++ b/main/exercice/answer.class.php @@ -23,7 +23,7 @@ * 5 arrays are created to receive the attributes of each answer belonging to a specified question * @package dokeos.exercise * @author Olivier Brouckaert -* @version $Id: answer.class.php 17944 2009-01-22 20:41:25Z juliomontoya $ +* @version $Id: answer.class.php 20308 2009-05-05 00:42:54Z cvargas1 $ */ @@ -67,7 +67,7 @@ class Answer function Answer($questionId) { //$this->questionType=$questionType; - $this->questionId=$questionId; + $this->questionId=(int)$questionId; $this->answer=array(); $this->correct=array(); $this->comment=array();