[Gforge-commits] gforge/www/export rss_sfnews.php,1.5,1.6
From: tom
Subject: [Gforge-commits] gforge/www/export rss_sfnews.php,1.5,1.6
Date: Fri, 05 Mar 2004 15:12:18 -0600
Update of /cvsroot/gforge/gforge/www/export
In directory db.perdue.net:/tmp/cvs-serv21169/www/export
Modified Files:
rss_sfnews.php
Log Message:
Eliminated unnecessary if statement, removed SQL injection hole
Index: rss_sfnews.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/export/rss_sfnews.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- rss_sfnews.php 5 Mar 2004 19:57:47 -0000 1.5
+++ rss_sfnews.php 5 Mar 2004 21:12:15 -0000 1.6
@@ -21,12 +21,15 @@
<rss version="0.91">
';
// ## default limit
-if (!$limit) $limit = 10;
-if ($limit > 100) $limit = 100;
+if (!$limit) {
+ $limit = 10;
+} else {
+ $limit = min(100, $limit);
+}
$where_clause = " WHERE is_approved=1 ";
if ($group_id) {
- $where_clause = " where group_id=".$group_id;
+ $where_clause = " where group_id=".intval($group_id);
}
$sql = "SELECT forum_id,summary,post_date,details,group_id FROM news_bytes
".$where_clause." order by post_date desc";
$res = db_query($sql, $limit);
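Review bot: $limit is still passed to db_query($sql, $limit) without an integer cast, although $group_id in the same hunk now goes through intval(). min(100, $limit) only caps the upper bound, so a negative or non-numeric value passes through unchanged; cast with intval($limit) before the default and the cap are applied, and treat anything below 1 as the default of 10. Separately, the group_id branch assigns $where_clause instead of appending to it, so the is_approved=1 filter is dropped whenever group_id is set. If the per-group feed is meant to show approved items only, build the clause as " WHERE is_approved=1 AND group_id=".intval($group_id) instead.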