Modified for security.

[nucleus-jp/nucleus-plugins.git] / NP_gallery / trunk / gallery / forms.php

diff --git a/NP_gallery/trunk/gallery/forms.php b/NP_gallery/trunk/gallery/forms.php
index 988d5f7..5a14d98 100644 (file)
--- a/NP_gallery/trunk/gallery/forms.php
+++ b/NP_gallery/trunk/gallery/forms.php
@@ -167,7 +167,7 @@ function editAlbumForm($id) {
                <td>\r
                <?php\r
                //this query lists the members that are not already part of the team, not the admins(they already have permissions) and are not the owner of the album\r
-               $result = mysql_query('select mname, mnumber from '.sql_table('member').' left join '.sql_table('plug_gallery_album_team').' on mnumber=tmemberid and talbumid='.$id.' where mnumber <> '.$data->ownerid.' and madmin=0 and tmemberid is null');\r
+               $result = mysql_query('select mname, mnumber from '.sql_table('member').' left join '.sql_table('plug_gallery_album_team').' on mnumber=tmemberid and talbumid='.intval($id).' where mnumber <> '.intval($data->ownerid).' and madmin=0 and tmemberid is null');\r
                if($result) {\r
                        $num_rows = mysql_num_rows($result);\r
                        if($num_rows) {\r