From 629e06724cde4ecd8d1e30fa04567cc1960410c5 Mon Sep 17 00:00:00 2001
From: Arun Persaud
Date: Sat, 26 Nov 2011 22:20:22 -0800
Subject: escape all users input strings use intval for integers or sqlite_escape_string for strings
---
 getjson.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'getjson.php')
diff --git a/getjson.php b/getjson.php
index cc93c7c..0288646 100644
--- a/getjson.php
+++ b/getjson.php
@@ -19,7 +19,7 @@ else
 if (isset($_REQUEST["S"]))
 {
 /* single tag or part of tag */
-    $tag = $_REQUEST["S"];
+    $tag = sqlite_escape_string($_REQUEST["S"]);
 /* individual tags are separated by '+' */
 $result = $DB->query("SELECT name FROM tags where name like \"%$tag%\"");
 $count = $DB->query("SELECT 1");
@@ -27,14 +27,14 @@ if (isset($_REQUEST["S"]))
 else
 {
 if (isset($_REQUEST["P"]))
-    $OFFSET = "".($_REQUEST["P"]*$N-$N);
+    $OFFSET = "".(intval($_REQUEST["P"])*$N-$N);
 else
 $OFFSET = "0";
 if (isset($_REQUEST["T"]))
 {
 /* single tag or part of tag */
-    $tags = $_REQUEST["T"];
+    $tags = sqlite_escape_string($_REQUEST["T"]);
 $tags = explode("+",$tags);
 $tags = "'".implode("','",$tags)."'";
-- cgit v1.2.3-18-g5258
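Review bot: `sqlite_escape_string()` only doubles single quotes, but the SELECT two lines below wraps `$tag` in double quotes (`like \"%$tag%\"`), so a `"` in `$_REQUEST["S"]` still terminates the literal and the query remains injectable; `%` and `_` are also passed through as live LIKE wildcards. The class of `$DB` is not visible here, but if it offers prepared statements the value should be bound rather than escaped, e.g. `$stmt = $DB->prepare("SELECT name FROM tags WHERE name LIKE :pat"); $stmt->bindValue(":pat", "%" . $_REQUEST["S"] . "%");` (the legacy ext/sqlite that provides `sqlite_escape_string` has no parameter binding, so at minimum the delimiters must become single quotes: `"... like '%$tag%'"`). The `if` block opened at the top of this hunk closes outside it.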
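Review bot: `intval($_REQUEST["P"])*$N-$N` still produces a negative `$OFFSET` when P is 0, negative, or non-numeric (intval yields 0, giving `-$N`), which is a malformed-input case the new cast does not cover; clamp it, e.g. `$OFFSET = "".max(0, (intval($_REQUEST["P"]) - 1) * $N);`. The tag escaping further down is consistent with the single-quoted list the implode builds, unlike the double-quoted LIKE in the previous hunk, though it is applied to the whole string before `explode("+", …)`, so it relies on `+` never being altered by the escaping (it is not). The `else` block opened at the top of this hunk continues past its end, so how `$tags` and `$OFFSET` are finally interpolated cannot be checked here.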