Diffstat (limited to 'submission.php')
-rw-r--r-- | submission.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/submission.php b/submission.php
index cff39dc6c..ad1767ed0 100644
--- a/submission.php
+++ b/submission.php
@@ -1,4 +1,5 @@
 <?
+
 include "includes/submission.inc";
 include "includes/theme.inc";
@@ -57,6 +58,12 @@ function submission_displayItem($id) {
 $theme->footer();
 }
+### Security check:
+if (strstr($id, " ")) {
+ watchdog("error", "submission: attempt to provide malicious input through URI");
+ exit();
+}
+
 if ($user->id) {
 switch($op) {
 case "view":
@@ -72,4 +79,4 @@ if ($user->id) {
 }
 }
-?>
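Review bot: The added guard `if (strstr($id, " "))` is a denylist of one character, so any `$id` that contains no literal space passes it and still reaches the `switch($op)` handlers that follow. If `$id` is always a numeric key (inferred from `submission_displayItem($id)`; its downstream use is outside the hunk), an allowlist is the stronger check: `if ($id != "" && !ctype_digit((string) $id)) {`. The check also covers only `$id`, while `$op` and any other request-supplied variable the handlers read get no validation here. This gate should not replace escaping or binding the value where the query is built. For triage, the `watchdog()` entry would be more useful if it recorded the rejected value, escaped when displayed.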
\ No newline at end of file
+?> |