summaryrefslogtreecommitdiff
path: root/program/steps/addressbook
diff options
context:
space:
mode:
Diffstat (limited to 'program/steps/addressbook')
-rw-r--r--program/steps/addressbook/delete.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc
index b95988d12..3e33cd864 100644
--- a/program/steps/addressbook/delete.inc
+++ b/program/steps/addressbook/delete.inc
@@ -21,7 +21,7 @@
$REMOTE_REQUEST = TRUE;
-if ($_GET['_cid'])
+if ($_GET['_cid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_cid']))
{
$DB->query("UPDATE ".get_table_name('contacts')."
SET del=1
@@ -96,4 +96,4 @@ if ($_GET['_cid'])
}
exit;
-?> \ No newline at end of file
+?>