Commit 823da71a authored by Andrew Dolgov's avatar Andrew Dolgov

api/getArticle: validate id list

parent edfab7bd
......@@ -274,7 +274,7 @@
case "getArticle":
$article_id = db_escape_string($_REQUEST["article_id"]);
$article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric));
$query = "SELECT id,title,link,content,feed_id,comments,int_id,
marked,unread,published,
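Review bot: The `is_numeric` filter on the added `$article_id = join(...)` line is looser than an id list needs, and it is passed as a bare constant rather than the string `"is_numeric"`, which raises a notice on older PHP and an error on PHP 8. is_numeric() also accepts values such as `1.5`, `-1`, `1e5` and strings with leading whitespace, so the joined list is not limited to integer ids. Casting each element keeps it strictly integral: `$article_id = join(",", array_filter(array_map("intval", explode(",", $_REQUEST["article_id"]))));`. If every element is rejected the result is an empty string; the query continues outside the hunk, so assuming it places `$article_id` in an `IN (...)` list, that case should return an empty result early rather than send malformed SQL.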
......