Bugtraq: Re: Another YabbSE SQL Injection

[Mike Bobbitt <mike () army ca>]

In-Reply-To: <002a01c3f4c3$d6eecc40$381e5a0a () desanet69>

Correction... the code change needs to be as follows:

Find:

 $quotemsg = $quote;

Change to:

 if ( $quote && !is_numeric($quote) )
 {
    die('Go out C==|=======>');
 }

 $quotemsg = $quote;

----

Otherwise you won't be able to use the standard reply button.

Cheers and thanks for the info.