author | Alex Mayer <magictrick4906@aim.com> | 2013-09-15 21:04:24 -0400 |
---|---|---|
committer | Thomas Martitz <kugel@rockbox.org> | 2014-01-11 11:22:23 +0100 |
commit | 669ffd18adcbc9819470ec4c8a1536b60bc2c073 (patch) | |
tree | 6939a55c8112caa8e0ad2dd680c86c0fc0167e59 | |
parent | ebf84f9d0465ac2256c6140623ed6d516875bb08 (diff) | |
download | themesite-669ffd18adcbc9819470ec4c8a1536b60bc2c073.tar.gz themesite-669ffd18adcbc9819470ec4c8a1536b60bc2c073.zip |
Check rating to see if it is a valid number [FS#12896]
Update "if" statement to make sure that $rating is
between 0 and 10
Change-Id: Ie1e1adbaab5cb218620d0c21bc3ef660010ce94b
Reviewed-on: http://gerrit.rockbox.org/619
Reviewed-by: Purling Nayuki <cyq.yzfl@gmail.com>
Reviewed-by: Thomas Martitz <kugel@rockbox.org>
-rw-r--r-- | private/themesite.class.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/private/themesite.class.php b/private/themesite.class.php index 0566368..19749b8 100644 --- a/private/themesite.class.php +++ b/private/themesite.class.php @@ -702,7 +702,7 @@ END; /* prevent abusing with a cookie which virtually never expires * so one can only rate a theme once */ $cookiename = "rating_{$id}"; - if (!(isset($_COOKIE[$cookiename]))) + if(!isset($_COOKIE[$cookiename]) && $rating >= 0 && $rating <= 10) { $sql = 'UPDATE themes SET ratings=ratings+:rating, numratings=numratings+1 WHERE themeid=:id'; $args = array( |
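Review bot: The new condition on the `+ if(!isset($_COOKIE[$cookiename]) && $rating >= 0 && $rating <= 10)` line only bounds the range; it does not establish that `$rating` is a whole number, which is what the commit subject ("valid number") promises. Under PHP's loose comparison a value such as 9.5 satisfies both bounds and would then be bound to `:rating` in `ratings=ratings+:rating`. Consider validating once before the `if`, for example with `filter_var($rating, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0, 'max_range' => 10)))` and testing the result against `false` with `!==`, so the type and the range are checked together. Two smaller points: the lower bound of 0 lets a request increment `numratings` without adding anything to `ratings`, so confirm that 0 is meant to be a legal rating; and the rewritten line drops the space after `if` that the removed line had, which is worth keeping for consistency with the surrounding code.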