From 78710166a1501f3977348b1fe48013c4d5ce4ad5 Mon Sep 17 00:00:00 2001
From: Shish
Date: Mon, 20 Apr 2020 09:53:44 +0100
Subject: [PATCH] add a extra escape, fixes #718
---
 ext/image/main.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/image/main.php b/ext/image/main.php
index 80ff3d0b..e4091141 100644
--- a/ext/image/main.php
+++ b/ext/image/main.php
@@ -59,7 +59,7 @@ class ImageIO extends Extension
 } elseif ($event->page_matches("image/replace")) {
 global $page, $user;
 if ($user->can(Permissions::REPLACE_IMAGE) && isset($_POST['image_id']) && $user->check_auth_token()) {
- $image = Image::by_id($_POST['image_id']);
+ $image = Image::by_id(int_escape($_POST['image_id']));
 if ($image) {
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link('upload/replace/'.$image->id));
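Review bot: On the added line in the `image/replace` branch, `int_escape($_POST['image_id'])` coerces the value rather than validating it, so a non-numeric or array-valued `image_id` is presumably turned into some integer (or raises a type error, depending on how `int_escape` is declared, which is not visible here) instead of being rejected as a bad request. Validating at the boundary would make the intent explicit, e.g. `$image_id = filter_var($_POST['image_id'], FILTER_VALIDATE_INT);` followed by an explicit error when the result is `false`, and then `Image::by_id($image_id)`. The change also guards only this one call site; if `Image::by_id()` takes an untyped argument, declaring that parameter as `int` would keep other callers from handing it raw request data. The `if ($image)` block and the rest of the handler continue outside the hunk, so the not-found path could not be checked from here.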