Boundary check for submitted ratings. See bug 356781, attachment 242375.

git-svn-id: svn://10.0.0.236/trunk@213688 18797224-902f-48f8-a5cc-f745e15eee43
2006-10-16 04:05:45 +00:00 · 2006-10-16 04:05:45 +00:00 · 55a7e3452b
commit 55a7e3452b
parent 28aadbb9d5
1 changed files with 1 additions and 1 deletions
--- a/mozilla/webtools/addons/public/htdocs/addcomment.php
+++ b/mozilla/webtools/addons/public/htdocs/addcomment.php
@ -49,7 +49,7 @@ if (isset($_POST['c_submit'])) {
    // with an error message.  (By using booleans here, we keep the error messages in
    // the .tpl)
        $_bad_input = false;
-        if (!is_numeric($_POST['c_rating'])) {
+        if (!is_numeric($_POST['c_rating']) || $_POST['c_rating'] < 0 || $_POST['c_rating'] > 5) {
            $_errors['c_rating'] = true;
            $_bad_input = true;
        }