Fix SQL Vulnerability. Fixes GHSA-qm8h-3xvf-m7j3
Isaac Connor committed Oct 31, 2024
1 parent 335900a commit 9e7d318
Showing 1 changed file with 3 additions and 6 deletions.
9 changes: 3 additions & 6 deletions web/ajax/event.php
Expand Up @@ -215,14 +215,11 @@
ajaxResponse(array('response'=>$response));
break;
case 'removetag' :
$tagId = $_REQUEST['tid'];
$tagId = validCardinal($_REQUEST['tid']);
dbQuery('DELETE FROM Events_Tags WHERE TagId = ? AND EventId = ?', array($tagId, $_REQUEST['id']));
$sql = "SELECT * FROM Events_Tags WHERE TagId = $tagId";
$rowCount = dbNumRows($sql);
$rowCount = dbNumRows('SELECT * FROM Events_Tags WHERE TagId=?', [ $tagId ]);
if ($rowCount < 1) {
$sql = 'DELETE FROM Tags WHERE Id = ?';
$values = array($_REQUEST['tid']);
$response = dbNumRows($sql, $values);
$response = dbNumRows('DELETE FROM Tags WHERE Id=?', [$tagId]);
ajaxResponse(array('response'=>$response));
}
ajaxResponse();
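Review bot: `$_REQUEST['id']` on the `dbQuery` line of the `removetag` case is still passed through unvalidated. It is bound as a parameter, so it is not injectable, but it should go through the same helper as `tid`, e.g. `$eventId = validCardinal($_REQUEST['id']);`, so both ids are handled the same way. The case also runs all three statements when `tid` is absent or fails validation; what `validCardinal()` returns in that situation is not visible here, so a guard before the first query that sends an error response and `break`s on an empty `$tagId` would make the behaviour explicit. The enclosing `switch` starts and ends outside the hunk, so whether an edit-permission check gates this case cannot be confirmed from these lines.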
