Commit

Update getHistoryChatData.php
Wrap intval around $sid in attempt to close exploit
l3oncoder committed Jan 27, 2022
1 parent 6cff93e commit 1980f9f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ajaxchat/getHistoryChatData.php
Expand Up @@ -63,7 +63,7 @@
}

if (isset($_GET["sid"])) {
$sid = ((int)$_GET["sid"]); # getting shout id (sid)
$sid = ((int)intval($_GET["sid"])); # getting shout id (sid)

$post = $_POST["shoutid"]; # setting shout id
$post = str_replace("'", "\'", $post); # our textarea string replacement for preview
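Review bot: On the changed `$sid` line, `(int)intval($_GET["sid"])` is equivalent to the previous `(int)$_GET["sid"]`: the cast already forced `$sid` to an integer, so the extra wrapper does not change what reaches the code below and is unlikely to close the exploit the commit message refers to. Keep a single conversion, or use `filter_input(INPUT_GET, "sid", FILTER_VALIDATE_INT)` and reject the request when it returns false or null, so non-numeric input is refused rather than silently turned into 0. The input in this hunk that is still unvalidated is `$post = $_POST["shoutid"]` in the context lines below the change: it is read without an `isset` check or integer cast, and `str_replace("'", "\'", $post)` only puts a backslash in front of single quotes while leaving backslashes themselves untouched, so it is not a reliable escape. If `$post` reaches a query or HTML output later in the file (not visible in this hunk), use a bound parameter or `htmlspecialchars` for that context instead of the manual replacement.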

0 comments on commit 1980f9f

Please sign in to comment.