Changeset 1788 for trunk

Timestamp:
07/26/08 11:12:53 (4 months ago)
Author:
mbonetti
Message:

fixes #510

Files:
1 modified

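--- a/trunk/gregarius/ajax.php
+++ b/trunk/gregarius/ajax.php
@@ -33,4 +33,6 @@
 
 function __exp__setState($id,$state) {
+    $id = sanitize($id, RSS_SANITIZER_NUMERIC);
+    $state = sanitize($state, RSS_SANITIZER_NUMERIC);
     if (isLoggedIn()) {
         rss_query('update '.getTable('item') . " set unread=$state where id=$id");
@@ -71,5 +73,5 @@
 
 function __exp__getFeedContent($cid) {
-
+    $cid = sanitize($cid, RSS_SANITIZER_NUMERIC);
     
     ob_start();
@@ -91,4 +93,7 @@
 
 function __exp__rateItem($iid, $rt) {
+    $iid = sanitize($iid, RSS_SANITIZER_NUMERIC);
+    $rt = sanitize($rt, RSS_SANITIZER_NUMERIC);
+    
     list($rrt) = rss_fetch_row(rss_query("select rating from "
         .getTable('rating') . " where iid = $iid"));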
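Review bot: In __exp__setState the query is still built by interpolating `$state` and `$id`, so it is only safe if sanitize() with RSS_SANITIZER_NUMERIC always returns a non-empty digit string; sanitize() is not visible on this page, so that is unconfirmed, and an empty result would yield malformed SQL. Casting makes the guarantee local, e.g. `$id = (int) sanitize($id, RSS_SANITIZER_NUMERIC);`, and the same applies to `$cid` in __exp__getFeedContent and to `$iid` and `$rt` in __exp__rateItem. A one-line comment above each group, such as `// ids presumably come from the AJAX request: force to integers before they reach SQL`, would record why the calls are there. All three function bodies continue outside the hunks shown.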