fixes:'typeid' SQL injection

2016-12-23 18:12:58 +08:00 · 2016-12-23 18:12:58 +08:00 · 25958019eb
parent b5ebc702a1
commit 25958019eb
1 changed files with 1 additions and 1 deletions
--- a/upload/source/module/forum/forum_forumdisplay.php
+++ b/upload/source/module/forum/forum_forumdisplay.php
@ -430,7 +430,7 @@ if($filter && $filter != 'hot') {
 							}
 						} elseif($field == 'typeid' || $field == 'sortid') {
 							$fieldstr = $field == 'typeid' ? 'intype' : 'insort';
-							$filterarr[$fieldstr] = $value;
+							$filterarr[$fieldstr] = dintval($value);
 						}
 						$sp = ' ';
 					}