From 21fabe6d52befcda3646b90dd9c6b3524711035c Mon Sep 17 00:00:00 2001
From: yamamoto
Date: Sat, 10 Dec 2016 13:34:31 +0900
Subject: [PATCH] Fix: Ditto - sql error of &documents parameter ref: #1089
---
 assets/snippets/ditto/classes/ditto.class.inc.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/assets/snippets/ditto/classes/ditto.class.inc.php b/assets/snippets/ditto/classes/ditto.class.inc.php
index 766515b2c3..5cf73869ad 100644
--- a/assets/snippets/ditto/classes/ditto.class.inc.php
+++ b/assets/snippets/ditto/classes/ditto.class.inc.php
@@ -592,6 +592,7 @@ function determineIDs($IDs, $IDType, $TVs, $orderBy, $depth, $showPublishedOnly,
 $documentIDs = $this->getChildIDs($IDs, $depth);
 break;
 case "documents":
+ if(!preg_match('@^[0-9, ]*$@',$IDs)) exit(sprintf('Illegal value of &documents: %s', $IDs));
 $documentIDs = explode(",",$IDs);
 break;
 }
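Review bot: The rejected `$IDs` value is printed back verbatim by the added `exit(sprintf(...))` in the `case "documents":` branch, so if `&documents` can ever be filled from request data (not visible in this hunk) the error path writes unescaped markup into the page; encode it on output, e.g. `exit('Illegal value of &documents: ' . htmlspecialchars($IDs, ENT_QUOTES, 'UTF-8'));`. The pattern is also looser than it reads: `$` without the `D` modifier accepts a trailing newline, and `*` lets empty items such as `1,,2` or an all-blank string through to `explode()`, which may still produce a malformed ID list further down. Anchoring with `\z` and normalising the pieces, for instance `$documentIDs = array_map('intval', explode(',', $IDs));`, would make the branch hand on integers only instead of relying on the regex alone. determineIDs() starts and ends outside the hunk, so how `$documentIDs` reaches the query is inferred from the commit title only.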