function getDocumentIdentifier($method) { // function to test the query and find the retrieval method $docIdentifier= $this->config['site_start']; switch($method) { case "alias" : $docIdentifier= $this->db->escape($_REQUEST['q']); break; case "id" : if(!is_numeric($_REQUEST['id'])) { $this->messageQuit("ID passed in request is NaN!"); } else { $docIdentifier= intval($_REQUEST['id']); } break; default : break; } return $docIdentifier; }
Since the document.parser.class.inc.php you posted includes a bunch of other changes slated for the next releaseOupsie, please see updated posting on top.
I must have missed it. What exactly was the security issue? Repatching all the paches into the parser is not something I look forward to.
default : break;
/*cut*/ if(!is_numeric($_REQUEST['id'])) { $docIdentifier= 0; /*paste*/
This discussion is closed to further replies. Keep calm and carry on.