Fix input sanitization

2019-04-11 17:24:26 +02:00 · 2019-04-11 17:24:26 +02:00 · 1439175616
commit 1439175616
parent 2e0e9f49f2
1 changed files with 1 additions and 1 deletions
--- a/oertliche.php
+++ b/oertliche.php
@ -72,7 +72,7 @@ function lookupCaller($number) {

 header('Content-Type: text/xml; charset=utf-8');
 echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n\r\n";
-if (isset($_GET['hm']) && is_numeric($_GET['hm'])) {
+if (isset($_GET['hm']) && preg_match('/^\d+$/', $_GET['hm'])) {
  $caller = lookupCaller($_GET['hm']);
  if (is_array($caller))
    printResponse($caller);