[svn r11117] casting $blog_id, $_user['id'], $task_id, ... and alike

and using mysql_real_escape_string to fix XSS and SQL injections http://www.dokeos.com/forum/viewtopic.php?t=8464
18 years ago · f00eeddbf2
parent a69d1e80f3
commit f00eeddbf2
1 changed files with 14 additions and 14 deletions
--- a/main/blog/blog_admin.php
+++ b/main/blog/blog_admin.php
@ -61,15 +61,15 @@ if ($_POST['new_blog_submit'])
 }
 if ($_POST['edit_blog_submit'])
 {
-	Blog::edit_blog(mysql_real_escape_string($_POST['blog_id']),mysql_real_escape_string($_POST['blog_name']),mysql_real_escape_string($_POST['blog_subtitle']));
+	Blog::edit_blog(mysql_real_escape_string((int)$_POST['blog_id']),mysql_real_escape_string($_POST['blog_name']),mysql_real_escape_string($_POST['blog_subtitle']));
 }
 if ($_GET['action'] == 'visibility')
 {
-	Blog::change_blog_visibility(mysql_real_escape_string($_GET['blog_id']));
+	Blog::change_blog_visibility(mysql_real_escape_string((int)$_GET['blog_id']));
 }
 if ($_GET['action'] == 'delete')
 {
-	Blog::delete_blog(mysql_real_escape_string($_GET['blog_id']));
+	Blog::delete_blog(mysql_real_escape_string((int)$_GET['blog_id']));
 }


@ -88,7 +88,7 @@ api_display_tool_title($nameTools);
 	}
 	if ($_GET['action'] == 'edit')
 	{
-		Blog::display_edit_blog_form(mysql_real_escape_string($_GET['blog_id']));
+		Blog::display_edit_blog_form(mysql_real_escape_string((int)$_GET['blog_id']));
 	}

 	echo "<a href='".$_SERVER['PHP_SELF']."?action=add'>",