- Patch #1684976 by droplet, timmillwood: Better validation for statistics.php.

6908c07f · Dries Buytaert · 4b2dfc3a · 6908c07f
Commit 6908c07f authored 12 years ago by Dries Buytaert
--- a/core/modules/statistics/statistics.php
+++ b/core/modules/statistics/statistics.php
@@ -17,8 +17,8 @@
 drupal_bootstrap(DRUPAL_BOOTSTRAP_VARIABLES);

 if (config('statistics.settings')->get('count_content_views')) {
-  $nid = $_POST['nid'];
-  if (is_numeric($nid)) {
+  $nid = filter_input(INPUT_POST, 'nid', FILTER_VALIDATE_INT);
+  if ($nid) {
    db_merge('node_counter')
      ->key(array('nid' => $nid))
      ->fields(array(