fixes:'typeid' SQL injection
This commit is contained in:
parent
b5ebc702a1
commit
25958019eb
|
@ -430,7 +430,7 @@ if($filter && $filter != 'hot') {
|
||||||
}
|
}
|
||||||
} elseif($field == 'typeid' || $field == 'sortid') {
|
} elseif($field == 'typeid' || $field == 'sortid') {
|
||||||
$fieldstr = $field == 'typeid' ? 'intype' : 'insort';
|
$fieldstr = $field == 'typeid' ? 'intype' : 'insort';
|
||||||
$filterarr[$fieldstr] = $value;
|
$filterarr[$fieldstr] = dintval($value);
|
||||||
}
|
}
|
||||||
$sp = ' ';
|
$sp = ' ';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue