diff options
Diffstat (limited to 'pages/challenge.php')
| -rw-r--r-- | pages/challenge.php | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/pages/challenge.php b/pages/challenge.php index ceefebe..4e5c50c 100644 --- a/pages/challenge.php +++ b/pages/challenge.php @@ -80,24 +80,25 @@ if (!$accepted) { // return;
//}
-if(!isset($_GET["mapID"]))
+if(!isset($_GET["challengeMapID"]) OR !is_int($_GET["challengeMapID"] + 0))
{
redirectToChallengeListing();
return;
}
-$mapCode = loadMapCode($_GET["mapID"]);
+$mapCode = loadChallengeMapCode($_GET["challengeMapID"]);
if($mapCode === NULL)
{
redirectToChallengeListing();
return;
}
-// TODO: !! Sanitize mapid
-$mapID = $_GET["mapID"];
+$challengeMapID = $_GET["challengeMapID"] + 0;
+if (!is_int($challengeMapID))
+ return;
-$mapContent = displayMap(GenerateMapByCode($mapCode), $_GET["mapID"]);
-$challengeResultset = loadChallengesForMap($mapID, $userID);
+$mapContent = displayMap(GenerateMapByCode($mapCode), $_GET["challengeMapID"]);
+$challengeResultset = loadChallengesForMap($challengeMapID, $userID);
if($challengeResultset === NULL)
{
redirectToChallengeListing();
@@ -134,13 +135,13 @@ function displayChallenges($challengeResultset) echo '<div id="challenges_listing"><ul class="challenge_ulist">';
while($challenge = mysql_fetch_array($challengeResultset))
{
- $mapID = $_GET["mapID"];
+ $challengeMapID = $_GET["challengeMapID"];
$challengeId = $challenge["challengeID"];
if($challenge["dateSolved"] !== NULL)
$cssClass = "challenge_complete";
else
$cssClass = "challenge_incomplete";
- $loadSolutionString = "<a href='javascript:requestChallengeSolution(\"$mapID\", \"$challengeId\");'> Load this solution</a>";
+ $loadSolutionString = "<a href='javascript:requestChallengeSolution(\"$challengeMapID\", \"$challengeId\");'> Load this solution</a>";
echo "<li class='$cssClass' id='challenge_id_$challengeId'>" . getChallengeDisplayString($challenge) . " $loadSolutionString </li>";
}
echo "</ul></div></div>";
|