public void attach(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc {
String mediaIdParam = aRequest.getParameter("mid");
String articleId = aRequest.getParameter("articleid");
-
if (articleId == null || mediaIdParam==null)
throw new ServletModuleExc("smod content :: attach :: articleid/mid missing");
-
+ // check if mediaIdParam and articleid are correct integers
+ try
+ {
+ Integer.parseInt(mediaIdParam);
+ Integer.parseInt(articleId);
+ }
+ catch(NumberFormatException e)
+ {
+ throw new ServletModuleExc("smod content :: attach :: invalid articleid/mid");
+ }
+
if (!MirGlobal.accessControl().article().mayEditArticle(ServletHelper.getUser(aRequest), articleId))
throw new ServletModuleExc("Article has been locked");
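Review bot: The added try block parses `mediaIdParam` and `articleId` but discards the parsed values, so the raw request strings are still what reach `mayEditArticle` and any code after it. `Integer.parseInt` accepts a leading `+` or `-` and non-ASCII decimal digits, so a string that passes this check is not necessarily a plain ASCII non-negative id. If later code places these strings into a query or a path (not visible here, the method body continues past the hunk), the check guarantees less than its comment suggests. I would pass on the canonical form instead, e.g. `articleId = Integer.toString(Integer.parseInt(articleId));` and the same for `mediaIdParam`, and reject values below 1 if ids are always positive. The comment could then read `// normalise mid/articleid to canonical decimal integers before any access check or lookup`.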