AC-4804: Security fixes for XSS, possible sql injection on multiple scripts within...
[acontent.git] / docs / include / classes / DAO / UsersDAO.class.php
index 859e7ca..f646ec0 100644 (file)
@@ -296,6 +296,7 @@ class UsersDAO extends DAO {
         */
        public function getUserByID($userID)
        {
+           $userID = intval($userID);
                $sql = 'SELECT * FROM '.TABLE_PREFIX.'users WHERE user_id='.$userID;
                if ($rows = $this->execute($sql))
                {
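Review bot: The added `intval($userID)` in getUserByID silently coerces malformed input instead of rejecting it (`'abc'` becomes 0, `'12abc'` becomes 12), so a bad or tampered ID still reaches the database and can resolve to a different row than the caller intended. Validating first makes the failure explicit, for example `if (filter_var($userID, FILTER_VALIDATE_INT) === false) { return false; }`. The function body continues past the hunk, so the value to return on rejection should match whatever the existing not-found path returns. The same coercion applies to the cast added in getUserByWebServiceID. The new line is also indented differently from the lines around it.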
@@ -313,6 +314,7 @@ class UsersDAO extends DAO {
         */
        public function getUserByWebServiceID($webServiceID)
        {
+           $webServiceID = intval($webServiceID);
                $sql = "SELECT * FROM ".TABLE_PREFIX."users WHERE web_service_id='".$webServiceID."'";
                if ($rows = $this->execute($sql))
                {
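Review bot: In getUserByWebServiceID the value is still wrapped in single quotes in the SQL, which suggests web_service_id may be a string column. If it is, `intval($webServiceID)` changes what the lookup matches, because any non-numeric ID collapses to 0. Confirm the column type: for an integer column, drop the quotes so the query reads like the one in getUserByID. For a string column, keep the value intact and escape or bind it through whatever the DAO layer provides rather than casting. A short comment such as `// web_service_id is numeric; the cast keeps non-digits out of the query` would record the assumption, and the function body continues outside the hunk.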