bug 1138: This is an int, no need to mysql_real_escape()
authorMichael Tänzer <neo@nhng.de>
Wed, 30 Apr 2014 23:31:19 +0000 (01:31 +0200)
committerMichael Tänzer <neo@nhng.de>
Thu, 1 May 2014 00:11:07 +0000 (02:11 +0200)
Signed-off-by: Michael Tänzer <neo@nhng.de>
pages/account/43.php

index fb10e69..c889ce3 100644 (file)
@@ -130,7 +130,7 @@ if(intval($_REQUEST['userid']) > 0) {
             if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) {
                 $ticketmsg=_("Writing to the admin log failed. Can't continue.");
             } else {
-                $assurance = mysql_real_escape_string(intval($_REQUEST['assurance']));
+                $assurance = intval($_REQUEST['assurance']);
                 $trow = 0;
                 $res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
                 if ($res) {