}
}
+sub ValidateKeyID {
+ my $id = shift;
+
+ $id = trim($id || 0);
+ detaint_natural($id) || ThrowCodeError('invalid_keyword_id');
+ return $id;
+}
+
#
# Preliminary checks:
#
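Review bot: In ValidateKeyID, `trim($id || 0)` turns a missing or empty `id` parameter into `0`, which is all digits, so if `detaint_natural` accepts any digit string (worth confirming against its definition), `invalid_keyword_id` never fires for an absent id and the edit, update and delete call sites all proceed with id 0. If keyword ids start at 1, let the absent case fail the check instead, e.g. `$id = trim(defined $id ? $id : '');`. The sub also has no comment; a line such as `# Returns the id as a detainted natural number, or throws invalid_keyword_id.` would record the contract the callers now depend on.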
if ($action eq 'edit') {
- my $id = trim($cgi->param('id'));
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
# get data of keyword
SendSQL("SELECT name,description
#
if ($action eq 'update') {
- my $id = $cgi->param('id');
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
my $name = trim($cgi->param('name') || '');
my $description = trim($cgi->param('description') || '');
if ($action eq 'delete') {
- my $id = $cgi->param('id');
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
SendSQL("SELECT name FROM keyworddefs WHERE id=$id");
my $name = FetchOneColumn();
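Review bot: The query on the context line after the changed call, `SendSQL("SELECT name FROM keyworddefs WHERE id=$id")`, still builds SQL by interpolating `$id`. It is safe only because ValidateKeyID now stops the request on anything that is not a digit string, assuming ThrowCodeError does not return. That dependency should be stated at the call site, e.g. `# $id is digits-only here (ValidateKeyID throws otherwise), so interpolating it is safe.`, so a later edit does not drop the validation and leave the string-built query exposed. A well-formed id that matches no keyword will leave `$name` undefined; whether the rest of the delete branch handles that is outside this hunk.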