nlopess Tue Apr 27 11:12:28 2004 EDT
Modified files: /livedocs handlers.php Log: fixing a half sql injection bug http://cvs.php.net/diff.php/livedocs/handlers.php?r1=1.3&r2=1.4&ty=u
Index: livedocs/handlers.php
diff -u livedocs/handlers.php:1.3 livedocs/handlers.php:1.4
--- livedocs/handlers.php:1.3 Tue Apr 27 10:07:11 2004
+++ livedocs/handlers.php Tue Apr 27 11:12:28 2004
@@ -18,7 +18,7 @@
 // | Special Handlers for $aliases |
 // +----------------------------------------------------------------------+
 //
-// $Id: handlers.php,v 1.3 2004/04/27 14:07:11 nlopess Exp $
+// $Id: handlers.php,v 1.4 2004/04/27 15:12:28 nlopess Exp $
 /***********************************
@@ -64,10 +64,10 @@
 echo "</div><hr />\n";
 /* Sanitize index letter */
- if (!isset($_GET['i'])) {
- $idxl = 'a';
+ if (preg_match('/^[A-Z]{0,1}$/i', $_GET['i'])) {
+ $idxl = $_GET['i'];
 } else {
- $idxl = substr($_GET['i'], 0, 1);
+ $idxl = 'a';
 }
 /* Create function call back for STARTS_WITH and TO_LOWER */
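Review bot: The new pattern `/^[A-Z]{0,1}$/i` in the second hunk accepts more than a single letter: `{0,1}` matches the empty string, and `$` without the `D` modifier also matches before a trailing newline, so `$idxl` can end up empty or as a letter followed by `\n`. The `isset()` test was dropped too, so a request without `i` now raises an undefined-index notice and, because the missing value matches as empty, no longer falls back to `'a'`. I would tighten the guard to `if (isset($_GET['i']) && is_string($_GET['i']) && preg_match('/^[a-z]\z/i', $_GET['i'])) {`. How `$idxl` reaches the query lies outside the hunk, so the value should still be escaped or bound at that point rather than relying on this check alone.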