revison sanitizing

darcs-hash:20050301181638-9977f-212463af48be9fb6c4e2f9e738f3eb57878c30f7.gz
author: andi <andi@splitbrain.org> 2005-03-01 19:16:38 +0100
committer: andi <andi@splitbrain.org> 2005-03-01 19:16:38 +0100
commit: 258641c6f7e2489c78367a0a864b000f2935fefa (patch)
tree: 3d09e46755f85b952ac0ff451b4e3d36662f7cb8
parent: 88d3a917fc755b07bc59ab80294eb06ae00c5c05 (diff)
download: rpg-258641c6f7e2489c78367a0a864b000f2935fefa.tar.gz
rpg-258641c6f7e2489c78367a0a864b000f2935fefa.tar.bz2
2 files changed, 6 insertions, 0 deletions
diff --git a/doku.php b/doku.php
index 0d6c823ef..5d706ab2e 100644
--- a/doku.php
+++ b/doku.php
@@ -36,6 +36,9 @@
   $SUF   = cleanText($_POST['suffix']);
   $SUM   = $_REQUEST['summary'];
 
+  //sanitize revision
+  $REV = preg_replace('/[^0-9]/','',$REV);
+
   //we accept the do param as HTTP header, too:
   if(!empty($_SERVER['HTTP_X_DOKUWIKI_DO'])){
     $ACT = trim(strtolower($_SERVER['HTTP_X_DOKUWIKI_DO']));
diff --git a/inc/common.php b/inc/common.php
index 24e9583f3..b06896f4d 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -648,6 +648,9 @@ function getRecents($num=0,$incdel=false){
  */
 function getRevisionInfo($id,$rev){
   global $conf;
+
+  if(!$rev) return(null);
+
   $info = array();
   if(!@is_readable($conf['changelog'])){
     msg($conf['changelog'].' is not readable',-1);
author	andi <andi@splitbrain.org>	2005-03-01 19:16:38 +0100
committer	andi <andi@splitbrain.org>	2005-03-01 19:16:38 +0100
commit	258641c6f7e2489c78367a0a864b000f2935fefa (patch)
tree	3d09e46755f85b952ac0ff451b4e3d36662f7cb8
parent	88d3a917fc755b07bc59ab80294eb06ae00c5c05 (diff)
download	rpg-258641c6f7e2489c78367a0a864b000f2935fefa.tar.gz rpg-258641c6f7e2489c78367a0a864b000f2935fefa.tar.bz2