-rwxr-xr-x | editmilestones.cgi | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/editmilestones.cgi b/editmilestones.cgi
index 5100577ee..e9ec0ed92 100755
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -519,6 +519,12 @@ if ($action eq 'update') {
 products WRITE");
 if ($sortkey != $sortkeyold) {
+ if (!detaint_natural($sortkey)) {
+ print "The sortkey for a milestone must be a number. Please press\n";
+ print "<b>Back</b> and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
 SendSQL("UPDATE milestones SET sortkey=$sortkey WHERE product_id=" . $product_id . " AND value=" . SqlQuote($milestoneold)); |
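Review bot: The new detaint_natural check sits after the context line `products WRITE");`, which looks like the end of a LOCK TABLES ... WRITE statement, so a rejected sortkey reaches `exit` while those write locks are still held and they are only released when the process drops its connection; validating `$sortkey` before the lock is taken, alongside the other input checks earlier in the 'update' branch (outside this hunk), avoids that. The check is also only reached through `if ($sortkey != $sortkeyold)`, a numeric comparison on the still-untainted value: a non-numeric `$sortkey` compares as 0 (with a warning), so when `$sortkeyold` is 0 a bad value is silently treated as unchanged instead of being reported. If detaint_natural accepts only non-negative integers, as its name suggests, the message `The sortkey for a milestone must be a number.` understates the rule and `must be a non-negative integer` would match the check. The enclosing `if ($action eq 'update')` block begins and ends outside the hunk.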