Bug 319089: editkeywords.cgi throws an error when action="edit" or "delete" and the...

diff --git a/editkeywords.cgi b/editkeywords.cgi
index da412bfdc68c8aa9da29feae9ef77ead09f5209d..5397f0aa57f1051ad95337a7f90c0bbc26646f16 100755 (executable)
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -53,6 +53,14 @@ sub Validate {
     $_[1] = $description;
 }
 
+sub ValidateKeyID {
+    my $id = shift;
+
+    $id = trim($id || 0);
+    detaint_natural($id) || ThrowCodeError('invalid_keyword_id');
+    return $id;
+}
+
 
 #
 # Preliminary checks:
@@ -165,8 +173,7 @@ if ($action eq 'new') {
 #
 
 if ($action eq 'edit') {
-    my $id = trim($cgi->param('id'));
-    detaint_natural($id);
+    my $id = ValidateKeyID(scalar $cgi->param('id'));
 
     # get data of keyword
     my ($name, $description) =
@@ -201,8 +208,7 @@ if ($action eq 'edit') {
 #
 
 if ($action eq 'update') {
-    my $id = $cgi->param('id');
-    detaint_natural($id);
+    my $id = ValidateKeyID(scalar $cgi->param('id'));
 
     my $name  = trim($cgi->param('name') || '');
     my $description  = trim($cgi->param('description')  || '');
@@ -234,8 +240,7 @@ if ($action eq 'update') {
 
 
 if ($action eq 'delete') {
-    my $id = $cgi->param('id');
-    detaint_natural($id);
+    my $id = ValidateKeyID(scalar $cgi->param('id'));
 
     my $name = $dbh->selectrow_array('SELECT name FROM keyworddefs
                                       WHERE id= ?', undef, $id);