-rwxr-xr-xeditmilestones.cgi6
1 files changed, 6 insertions, 0 deletions
diff --git a/editmilestones.cgi b/editmilestones.cgi
index 5100577ee..e9ec0ed92 100755
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -519,6 +519,12 @@ if ($action eq 'update') {
products WRITE");
if ($sortkey != $sortkeyold) {
+ if (!detaint_natural($sortkey)) {
+ print "The sortkey for a milestone must be a number. Please press\n";
+ print "<b>Back</b> and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
SendSQL("UPDATE milestones SET sortkey=$sortkey
WHERE product_id=" . $product_id . "
AND value=" . SqlQuote($milestoneold));