From 823da71a1036e20d3e34de3aa1930026d0b6c8c5 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 7 Nov 2011 10:18:24 +0400
Subject: [PATCH] api/getArticle: validate id list

---
 api/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/index.php b/api/index.php
index 633b11a75..f6e1cb79f 100644
--- a/api/index.php
+++ b/api/index.php
@@ -274,7 +274,7 @@
 
 		case "getArticle":
 
-			$article_id = db_escape_string($_REQUEST["article_id"]);
+			$article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric));
 
 			$query = "SELECT id,title,link,content,feed_id,comments,int_id,
 				marked,unread,published,
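Review bot: The filter callback on the added line is the bare word `is_numeric`, which PHP treats as an undefined constant (a notice on older versions, a fatal error on PHP 8), so it should be passed as the string `"is_numeric"`. Beyond that, `is_numeric` is looser than an id list needs: it accepts floats, exponent forms, signs and leading whitespace. A digits-only check keeps the value to plain integers, for example `$article_id = join(",", array_filter(explode(",", $_REQUEST["article_id"]), "ctype_digit"));`. If every element is rejected, `$article_id` becomes an empty string. The query continues outside this hunk, so if it interpolates the value into an id list, the case should return an empty result before building the SQL.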
-- 
GitLab