From 61d0c39379e920f3377b50b668c4258ea6b5e9e1 Mon Sep 17 00:00:00 2001
From: "Bradley M. Kuhn"
Date: Thu, 14 May 2015 15:25:28 -0700
Subject: [PATCH] Assure $anon_token_id is integer.

The code that currently calls this only ever passes in a value that was returned by elec_verify_voted_token() and as such no security issue existed here. However, assuming this function might be used for someone else in future, we might as well case the value back to integer "just in case". HT Tobias Mueller who pointed this out.
---
 vote/include/election-sql.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vote/include/election-sql.php b/vote/include/election-sql.php
index 7087929..96c9d32 100644
--- a/vote/include/election-sql.php
+++ b/vote/include/election-sql.php
@@ -205,7 +205,7 @@ function elec_choices_get_by_anon_token_id ($handle, $anon_token_id) {
     $query = "SELECT c.choice, c.id FROM ";
     $query .= $choices_table . " c, " . $anon_tokens_table . " a";
     $query .= " WHERE c.election_id = a.election_id";
-    $query .= " AND a.id = " . $anon_token_id;
+    $query .= " AND a.id = " . intval($anon_token_id);
     $query .= " ORDER BY c.id";