4 years ago · 6396b797d2
--- a/classes/security.class.php
+++ b/classes/security.class.php
@@ -17,16 +17,9 @@ class Security
 
				
				      * Makes sure a number ID is valid,
			
 
				
				      * e.g., a page ID requested by GET.
			
 
				
				      */
			
 
				
				-    public function checkInt($ID)
			
 
				
				-    #public function checkInt(int|array $ID) # Union types need PHP 8 - unbelievable!
			
 
				
				+    public function checkInt(...$IDs)
			
 
				
				     {
			
 
				
				-        # Cast single ID to array
			
 
				
				-        if (!is_array($ID)) {
			
 
				
				-            $ID = [$ID];
			
 
				
				-        }
			
 
				
				-
			
 
				
				-        # Check each ID supplied
			
 
				
				-        foreach ($ID as $ID) {
			
 
				
				+        foreach ($IDs as $ID) {
			
 
				
				             if (!ID || !is_int($ID) || $ID < 1) {
			
 
				
				                 error(400);
			
 
				
				             }
			
--- a/sections/torrents/nonwikiedit.php
+++ b/sections/torrents/nonwikiedit.php
@@ -1,9 +1,11 @@
 
				
				 <?php
			
 
				
				 declare(strict_types=1);
			
 
				
				 
			
 
				
				-Security::checkInt($_POST['groupid']);
			
 
				
				 authorize();
			
 
				
				 
			
 
				
				+$GroupID = (int) $_GET['groupid'];
			
 
				
				+Security::checkInt($GroupID);
			
 
				
				+
			
 
				
				 // Usual perm checks
			
 
				
				 if (!check_perms('torrents_edit')) {
			
 
				
				     $DB->query("
			
--- a/sections/torrents/takegroupedit.php
+++ b/sections/torrents/takegroupedit.php
@@ -15,7 +15,7 @@ if (!check_perms('site_edit_wiki')) {
 
				
				 # Variables for database input
			
 
				
				 $user_id = (int) $LoggedUser['ID'];
			
 
				
				 $group_id = (int) $_REQUEST['groupid'];
			
 
				
				-Security::checkInt([$user_id, $group_id]);
			
 
				
				+Security::checkInt($user_id, $group_id);
			
 
				
				 
			
 
				
				 # If we're reverting to a previous revision
			
 
				
				 if (!empty($_GET['action']) && $_GET['action'] === 'revert') {