
[Gforge-commits] gforge/www/export rss_sfnews.php,1.5,1.6


From: tom
Subject: [Gforge-commits] gforge/www/export rss_sfnews.php,1.5,1.6
Date: Fri, 05 Mar 2004 15:12:18 -0600

Update of /cvsroot/gforge/gforge/www/export
In directory db.perdue.net:/tmp/cvs-serv21169/www/export

Modified Files:
        rss_sfnews.php 
Log Message:
Eliminated unnecessary if statement, removed SQL injection hole

Index: rss_sfnews.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/export/rss_sfnews.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- rss_sfnews.php      5 Mar 2004 19:57:47 -0000       1.5
+++ rss_sfnews.php      5 Mar 2004 21:12:15 -0000       1.6
@@ -21,12 +21,15 @@
 <rss version="0.91">
 ';
 // ## default limit
-if (!$limit) $limit = 10;
-if ($limit > 100) $limit = 100;
+if (!$limit) {
+       $limit = 10;
+} else {
+       $limit = min(100, $limit);
+}
 
 $where_clause = " WHERE is_approved=1 ";
 if ($group_id) {
-       $where_clause = " where group_id=".$group_id;
+       $where_clause = " where group_id=".intval($group_id);
 }
 $sql = "SELECT forum_id,summary,post_date,details,group_id FROM news_bytes 
".$where_clause." order by post_date desc";
 $res = db_query($sql, $limit);
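
Review bot: $limit still reaches `db_query($sql, $limit)` without an integer cast. In the new else branch, `min(100, $limit)` only caps the upper bound, so it does not guarantee an integer and lets negative values through. If $limit is supplied the same way as $group_id, give it the same treatment, for example `$limit = max(1, min(100, intval($limit)));`, which also makes the if/else unnecessary apart from the default of 10. Separately, in the `if ($group_id)` branch the assignment replaces the default clause rather than extending it, so `is_approved=1` is not applied when a group_id is given. If unapproved items should stay out of the feed, append the condition instead: `$where_clause .= " AND group_id=".intval($group_id);`.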




