From 01c6f9032792898c22b718f100ec88e4d8155ecf Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Wed, 02 Mar 2016 05:19:14 -0500
Subject: [PATCH] - added line to guidelines
---
 interface/web/help/faq_list.php | 4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/interface/web/help/faq_list.php b/interface/web/help/faq_list.php
index 2f48b4d..128480d 100644
--- a/interface/web/help/faq_list.php
+++ b/interface/web/help/faq_list.php
@@ -18,7 +18,7 @@
 // Optional limit
 $hf_section = 0;
 if(isset($_GET['hfs_id']))
- $hf_section = preg_replace("/[^0-9]/", "", $_GET['hfs_id']);
+ $hf_section = $app->functions->intval(preg_replace("/[^0-9]/", "", $_GET['hfs_id']));
 // if section id is not specified in the url, choose the first existing section
 if(!$hf_section)
@@ -29,7 +29,7 @@
 $app->listform_actions->SQLExtWhere = "help_faq.hf_section = $hf_section";
-if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=$hf_section");
+if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=?", $hf_section);
 // Start the form rendering and action ahndling
 echo "<h2>FAQ: ".$res['hfs_name']."</h2>";
 if($hf_section) $app->listform_actions->onLoad();
-- 
Gitblit v1.9.1
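Review bot: In the first hunk, `$_GET['hfs_id']` reaches `preg_replace()` without a check that it is a string, so a request sending `hfs_id[]=...` makes `preg_replace()` return an array. What `$app->functions->intval()` then yields for a non-scalar is not visible here. Tightening the guard to `if(isset($_GET['hfs_id']) && is_scalar($_GET['hfs_id']))` would leave `$hf_section` at its default of 0 for such requests. A one-line comment above the assignment, for example `// must stay an integer: $hf_section is concatenated into SQLExtWhere further down`, would record why the cast cannot be dropped later.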
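Review bot: In the second hunk only the `queryOneRecord()` call was parameterized; the `SQLExtWhere` assignment just above it still builds SQL by interpolating `$hf_section`. That line is safe only as long as every path that sets `$hf_section` yields an integer, including the fallback branch under `if(!$hf_section)`, whose body lies outside both hunks. Casting at the point of use would remove that dependency: `$app->listform_actions->SQLExtWhere = "help_faq.hf_section = ".$app->functions->intval($hf_section);`. Separately, the `hfs_name` returned by the new query is echoed into the `<h2>` without HTML escaping, and `$res` may be unset or empty when no section matches. Wrapping the output as `htmlspecialchars($res['hfs_name'] ?? '', ENT_QUOTES, 'UTF-8')` would cover both, assuming section names are stored as plain text and the codebase targets PHP 7 or later.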