phpBMS

Timestamp:
01/07/10 12:45:17 (2 years ago)
Author:
brieb
Message:
  • Fixed possible security loopholes in search screen (SQL Manipulation)
Files:
1 modified

  • trunk/phpbms/include/relationships.php

    r703 r728  
    102102        */ 
    103103        foreach($theids as $theid) 
    104             $_SESSION["passedjoinwhere"] .= " OR ".$therecord["fromtable"].".id = ".$theid; 
     104            $_SESSION["passedjoinwhere"] .= " OR ".$therecord["fromtable"].".id = ".((int) $theid); 
    105105 
    106106        $_SESSION["passedjoinwhere"] = substr($_SESSION["passedjoinwhere"], 3); 
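
Review bot: On the new line 104 only $theid is cast, while $therecord["fromtable"] is still concatenated into the same clause as a bare identifier; if that value can be influenced by anything other than a trusted relationships record, it should be checked against a list of known table names before it is used here. The (int) cast also turns any non-numeric id into 0 without an error, so a bad value yields "id = 0" in the clause rather than being rejected; consider skipping ids that are not purely digits (for example with ctype_digit) so malformed input is dropped instead of rewritten. Because the result is stored in $_SESSION["passedjoinwhere"] and consumed elsewhere, a short comment on this loop stating that the string is expected to contain only integer ids would help whoever maintains the code that reads it.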
phpBMS vulnerability assessment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.