Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-04-27 20:24:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Check decoded string for array

Browse Source 
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
DL6ER
2022-02-27 18:25:53 +01:00
parent 60122713a8
commit 0dd9b304ac
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/pi-hole/php/message.php
View File

@@ -45,9 +45,9 @@ function JSON_error($message = null)
// Delete message identified by IDs
if ($_POST['action'] == 'delete_message' && isset($_POST['id'])) {
try {
if(!is_array($_POST['id']))
throw new Exception('Invalid payload: id is not an array');
$ids = json_decode($_POST['id']);
if(!is_array($ids))
throw new Exception('Invalid payload: id is not an array');
// Explot prevention: Ensure all entries in the ID array are integers
foreach($ids as $value) {
if (!is_numeric($value))