diff -r df88cedf0995 -r c5409416b61b index.php --- a/index.php Sun Apr 12 19:24:33 2009 -0400 +++ b/index.php Sun Apr 12 19:25:07 2009 -0400 @@ -537,9 +537,18 @@ $template->header(); $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; - if(!$id1 || !$id2) { echo '
Invalid request.
'; $template->footer(); break; } - if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) || - !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo 'SQL injection attempt
'; $template->footer(); break; } + if ( !$id1 || !$id2 ) + { + echo 'Invalid request.
'; + $template->footer(); + break; + } + if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) ) + { + echo 'SQL injection attempt
'; + $template->footer(); + break; + } echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); $template->footer(); break;