authorBenny Baumann <BenBE@geshi.org>2014-04-30 20:13:28 +0200
committerBenny Baumann <BenBE@geshi.org>2014-04-30 20:18:56 +0200
commit7f02d479140d2c47e9359191ed2a7d687c6b9a33 (patch)
treefd72a22729f6fb9575396a3a4443e2c0f76c3991 /www/api/cemails.php
parent2801b166026e48e2133ac5e8ba68f3d699c4dbd2 (diff)
bug 1138: And yet another bunch of escaping
Diffstat (limited to 'www/api/cemails.php')
-rw-r--r--www/api/cemails.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/www/api/cemails.php b/www/api/cemails.php
index 260ca4f..4eb7597 100644
--- a/www/api/cemails.php
+++ b/www/api/cemails.php
@@ -25,7 +25,7 @@
echo "200,Authentication Ok\n";
$user = mysql_fetch_assoc($res);
$memid = $user['id'];
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' and `notary`.`deleted`=0 group by `to`";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
echo "CS=".intval($user['codesign'])."\n";
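Review bot: `intval()` is applied at the point of concatenation here and again in the `email` query in the next hunk, while `$memid` itself keeps whatever `$user['id']` held. Coercing once at the assignment, `$memid = intval($user['id']);`, would cover both queries and any later use outside the visible lines, so a query added in future cannot forget the cast. Separately, `mysql_fetch_assoc(mysql_query($query))` does not check for a failed query or an empty result, so `$row['points']` may be read from `false`; a guard such as `$points = $row ? intval($row['points']) : 0;` would make that explicit. The enclosing block starts and ends outside this hunk.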
@@ -40,8 +40,8 @@
if($user['mname'] != "" && $user['suffix'] != "")
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
}
- $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
+ $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
- echo "EMAIL=".$row['email']."\n";
+ echo "EMAIL=".sanitizeHTML($row['email'])."\n";
?>
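Review bot: The `EMAIL=` line is part of a line-oriented `KEY=value` response, so the encoding that matters for this output is line-break handling, and `sanitizeHTML()` (defined outside this diff) presumably only escapes HTML metacharacters. If it does not strip CR/LF, a stored address containing a line break could still add an extra line to the response, and HTML-escaping may hand API clients `&amp;` where the address has a legal `&`. Consider stripping line breaks explicitly, e.g. `echo "EMAIL=".str_replace(array("\r", "\n"), '', sanitizeHTML($row['email']))."\n";`, and adding a short comment saying which output context the escaping targets. The same consideration applies to the `NAME=` line at the top of this hunk.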