Bug 319089: editkeywords.cgi throws an error when action="edit" or "delete" and the...

diff --git a/editkeywords.cgi b/editkeywords.cgi
index d46476dfa882e059d33c378a9d23bbf6b31868d1..d2d6a484afe3f7e547450dc78de69cdf2980ff4c 100755 (executable)
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -49,6 +49,14 @@ sub Validate ($$) {
     }
 }
 
+sub ValidateKeyID {
+    my $id = shift;
+
+    $id = trim($id || 0);
+    detaint_natural($id) || ThrowCodeError('invalid_keyword_id');
+    return $id;
+}
+
 
 #
 # Preliminary checks:
@@ -173,8 +181,7 @@ if ($action eq 'new') {
 #
 
 if ($action eq 'edit') {
-    my $id = trim($cgi->param('id'));
-    detaint_natural($id);
+    my $id = ValidateKeyID(scalar $cgi->param('id'));
 
     # get data of keyword
     SendSQL("SELECT name,description
@@ -213,8 +220,7 @@ if ($action eq 'edit') {
 #
 
 if ($action eq 'update') {
-    my $id = $cgi->param('id');
-    detaint_natural($id);
+    my $id = ValidateKeyID(scalar $cgi->param('id'));
 
     my $name  = trim($cgi->param('name') || '');
     my $description  = trim($cgi->param('description')  || '');
@@ -250,8 +256,7 @@ if ($action eq 'update') {
 
 
 if ($action eq 'delete') {
-    my $id = $cgi->param('id');
-    detaint_natural($id);
+    my $id = ValidateKeyID(scalar $cgi->param('id'));
 
     SendSQL("SELECT name FROM keyworddefs WHERE id=$id");
     my $name = FetchOneColumn();