From 52ebaf93e9074ce337c1afeaa93f611735e48d2b Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Sat, 5 Nov 2011 15:00:30 +0400
Subject: [PATCH] api/updateArticle: validate article_ids parameter (refs #375)

---
 api/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/index.php b/api/index.php
index 737ce8abf..633b11a75 100644
--- a/api/index.php
+++ b/api/index.php
@@ -207,7 +207,7 @@
 			break;
 
 		case "updateArticle":
-			$article_ids = split(",", db_escape_string($_REQUEST["article_ids"]));
+			$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
 			$mode = (int) db_escape_string($_REQUEST["mode"]);
 			$field_raw = (int)db_escape_string($_REQUEST["field"]);
 
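Review bot: On the added `$article_ids` line, `is_numeric` is passed to `array_filter` as a bare word instead of a quoted callable name; PHP before 8 only resolves it by falling back from an undefined constant to the string (with a notice), and PHP 8 raises an Error there. `is_numeric` is also a looser filter than an id list needs, since it accepts forms such as `1e3`, `1.5` and `-2`. A digits-only check would be tighter: `$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), 'ctype_digit');`. The rest of the `updateArticle` case lies outside this hunk, so how the list is used cannot be seen here; if it is joined into a query, as the escaping suggests, an empty result after filtering needs an explicit guard before that point.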
-- 
GitLab