From a71504fc3a34fe5a6a55138b971697c50089c1a5 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 14 Aug 2008 09:35:40 +0000 Subject: [PATCH] Fixed a SQL injection --- www/account.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/account.php b/www/account.php index 4811538..f6908b3 100644 --- a/www/account.php +++ b/www/account.php @@ -53,7 +53,7 @@ showfooter(); exit; } else if($id == 51 && $_GET['img'] == "show") { - $query = "select * from `tverify` where `id`='".$_GET['photoid']."' and `modified`=0"; + $query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0"; $res = mysql_query($query); if(mysql_num_rows($res)) {
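Review bot: The query on the `+` line still selects the `tverify` row by `id` alone, so after the `intval()` cast any integer the requester sends is looked up. If rows in this table belong to individual users, the `where` clause should also be limited to the logged-in account, unless that is enforced outside this hunk; the owner column is not visible here. Separately, `$_GET['photoid']` is read without an `isset()` check and `$res` goes to `mysql_num_rows()` without being tested for `false`, which is what `mysql_query()` returns on failure. I would hoist the cast as `$photoid = isset($_GET['photoid']) ? intval($_GET['photoid']) : 0;` and guard the branch with `if($res && mysql_num_rows($res))`. The enclosing `else if` branch starts and ends outside the hunk.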