From 8056ce9f87db722ceedb8ace658a4363225a60af Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Thu, 4 Jul 2013 12:42:03 +0200
Subject: [PATCH] Adding input check for AP and Donation

Fixes #354
---
 public/include/classes/user.class.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index 6f8394dc..a1d508e8 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -282,14 +282,20 @@ class User {
 $bUser = false;
 // number validation checks
- if ($threshold < $this->config['ap_threshold']['min'] && $threshold != 0) {
+ if (!is_numeric($threshold)) {
+ $this->setErrorMessage('Invalid input for auto-payout');
+ return false;
+ } else if ($threshold < $this->config['ap_threshold']['min'] && $threshold != 0) {
 $this->setErrorMessage('Threshold below configured minimum of ' . $this->config['ap_threshold']['min']);
 return false;
 } else if ($threshold > $this->config['ap_threshold']['max']) {
 $this->setErrorMessage('Threshold above configured maximum of ' . $this->config['ap_threshold']['max']);
 return false;
 }
- if ($donate < 0) {
+ if (!is_numeric($donate)) {
+ $this->setErrorMessage('Invalid input for donation');
+ return false;
+ } else if ($donate < 0) {
 $this->setErrorMessage('Donation below allowed 0% limit');
 return false;
 } else if ($donate > 100) {
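Review bot: The two new `is_numeric()` guards reject non-numeric input but leave `$threshold` and `$donate` as the caller's raw strings, and `is_numeric()` accepts forms such as `'1e3'`, leading whitespace, and (on the PHP 5 series this patch targets) hexadecimal strings, so the range comparisons that follow and whatever later persists these values still see unnormalised text rather than a clean number. Once a value passes its guard, convert it explicitly before the range checks, e.g. `$threshold = (float) $threshold;` after the first guard and `$donate = (float) $donate;` after the second (use `(int)` if the stored columns are integral). The enclosing method begins before the hunk and continues past `} else if ($donate > 100) {`, so the persistence path cannot be seen here; the cast is cheap regardless and also makes the `$threshold != 0` loose comparison unambiguous.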