From a1b0f15a187093a254a863f300c428f94cc190a5 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Wed, 14 Nov 2012 22:50:04 +0100
Subject: [PATCH] Security: Adding intvals

---
 main/exercice/answer_admin.inc.php | 8 ++++----
 main/exercice/question.class.php   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/main/exercice/answer_admin.inc.php b/main/exercice/answer_admin.inc.php
index e9da17b871..0ee6e2384f 100644
--- a/main/exercice/answer_admin.inc.php
+++ b/main/exercice/answer_admin.inc.php
@@ -791,7 +791,7 @@ if ($modifyAnswers) {
 
                 <input type="hidden" name="formSent" value="1">
                 <input type="hidden" name="nbrAnswers" value="<?php echo $nbrAnswers; ?>">
-                <input type="hidden" name="myid" value="<?php echo $_REQUEST['myid']; ?>">
+                <input type="hidden" name="myid" value="<?php echo intval($_REQUEST['myid']); ?>">
 
                 <table width="650" border="0" cellpadding="5">
 
@@ -894,7 +894,7 @@ if ($modifyAnswers) {
             <form name="formulaire" method="post" action="<?php echo api_get_self(); ?>?modifyAnswers=<?php echo $modifyAnswers; ?>">
                 <input type="hidden" name="formSent" value="1">
                 <input type="hidden" name="setWeighting" value="<?php echo $setWeighting; ?>">
-                <input type="hidden" name="myid" value="<?php echo $_REQUEST['myid']; ?>">
+                <input type="hidden" name="myid" value="<?php echo intval($_REQUEST['myid']); ?>">
 
             <?php
             if (!$setWeighting) {
@@ -1028,7 +1028,7 @@ if ($modifyAnswers) {
             <form name="formulaire" method="post" action="<?php echo api_get_self(); ?>?modifyAnswers=<?php echo $modifyAnswers; ?>">
                 <input type="hidden" name="formSent" value="1">
                 <input type="hidden" name="setWeighting" value="1">
-                <input type="hidden" name="myid" value="<?php echo $_REQUEST['myid']; ?>">
+                <input type="hidden" name="myid" value="<?php echo intval($_REQUEST['myid']); ?>">
                 <table border="0" cellpadding="5" width="500">
                 <?php
                 if ($okPicture) {
@@ -1081,7 +1081,7 @@ if ($modifyAnswers) {
                     <input type="hidden" name="formSent" value="1">
                     <input type="hidden" name="nbrOptions" value="<?php echo $nbrOptions; ?>">
                     <input type="hidden" name="nbrMatches" value="<?php echo $nbrMatches; ?>">
-                    <input type="hidden" name="myid" value="<?php echo $_REQUEST['myid']; ?>">
+                    <input type="hidden" name="myid" value="<?php echo intval($_REQUEST['myid']); ?>">
 
                     <table border="0" cellpadding="5">
 
diff --git a/main/exercice/question.class.php b/main/exercice/question.class.php
index 1190358173..4e392ea5d8 100644
--- a/main/exercice/question.class.php
+++ b/main/exercice/question.class.php
@@ -1197,7 +1197,7 @@ abstract class Question
 		$form->addElement('select', 'questionCategory', get_lang('Category'), $tabCat);
 		
 		// hidden values
-		$form->addElement('hidden','myid',$_REQUEST['myid']);
+		$form->addElement('hidden','myid', intval($_REQUEST['myid']));
         
         if (!isset($_GET['fromExercise'])) {            
             switch($answerType) {