rasmus Sun Jun 5 13:02:49 2005 EDT
Modified files:
/php-master-web/manage users.php
Log:
Quick-fix for sql injection in user id
[url]http://cvs.php.net/diff.php/php-master-web/manage/users.php?r1=1.39&r2=1.40&ty=u[/url]
Index: php-master-web/manage/users.php
diff -u php-master-web/manage/users.php:1.39 php-master-web/manage/users.php
:1.40
--- php-master-web/manage/users.php:1.39 Wed Sep 8 06:33:51 2004
+++ php-master-web/manage/users.php Sun Jun 5 13:02:48 2005
@@ -28,12 +28,13 @@
}
}
+if(isset($id)) $id = (int)$id;
+
if (isset($id) && isset($action)) {
if (!is_admin($user)) {
warn("you're not allowed to take actions on users.");
exit;
}
- $id = (int)$id;
switch ($action) {
case 'approve':
if (db_query("UPDATE users SET cvsaccess=1 WHERE userid=$id")
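Review bot: The added `if(isset($id)) $id = (int)$id;` coerces the value instead of validating it, so a non-numeric or array-valued id is silently turned into 0 or 1 and the `UPDATE users SET cvsaccess=1 WHERE userid=$id` in the 'approve' case still runs against that row rather than being refused. Rejecting bad input before the cast would be safer, for example `if (isset($id) && (!is_string($id) || !ctype_digit($id))) { warn("invalid user id"); exit; }`. The query is still built by string interpolation, so the fix holds only while every use of $id stays below this line; where $id is populated is not visible in this hunk, and the switch body continues past it, so other interpolated variables may need the same treatment. A short comment on the cast, such as `// force $id to an integer before it reaches any SQL string`, would keep the line from being moved or dropped later.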