From b4e5e3fda7f3cf3d27741b6f15128e286dfa9830 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Mon, 4 Aug 2025 12:06:05 -0400
Subject: [PATCH] Fix injection with role id affecting authenticated admin accounts only
---
 admin/post/roles.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/admin/post/roles.php b/admin/post/roles.php
index 928b10d6..fb79c254 100644
--- a/admin/post/roles.php
+++ b/admin/post/roles.php
@@ -30,7 +30,7 @@ if (isset($_POST['edit_role'])) {
 validateCSRFToken($_POST['csrf_token']);
- $role_id = sanitizeInput($_POST['role_id']);
+ $role_id = intval($_POST['role_id']);
 $name = sanitizeInput($_POST['role_name']);
 $description = sanitizeInput($_POST['role_description']);
 $admin = intval($_POST['role_is_admin']);
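Review bot: On the new `$role_id = intval($_POST['role_id']);` line the cast removes the injection vector but coerces instead of validating: a non-numeric string becomes 0 and a non-empty array becomes 1, so a malformed request is silently pointed at a different role id rather than rejected. Validating and bailing out would be stricter, e.g. `$role_id = filter_input(INPUT_POST, 'role_id', FILTER_VALIDATE_INT);` followed by a check that the result is an integer greater than zero before the update runs. The query that consumes `$role_id` lies outside this hunk, so how it is built cannot be confirmed here; if it interpolates variables into the SQL string, a prepared statement would protect `$name` and `$description` as well without depending on what `sanitizeInput()` does. The `edit_role` block starts and ends outside the hunk, and any other handlers in `admin/post/roles.php` that read `role_id` deserve the same check.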