From b1f37f1ccbb7959f926da9b5ed6fffd642cbc2c6 Mon Sep 17 00:00:00 2001
From: Shish <shish@shishnet.org>
Date: Fri, 31 Jul 2020 14:55:30 +0100
Subject: [PATCH] another escape

---
 ext/numeric_score/main.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/numeric_score/main.php b/ext/numeric_score/main.php
index f6e1b315..8024304c 100644
--- a/ext/numeric_score/main.php
+++ b/ext/numeric_score/main.php
@@ -152,7 +152,7 @@ class NumericScore extends Extension
             $result = $database->get_col($sql, $args);
             $images = [];
             foreach ($result as $id) {
-                $images[] = Image::by_id($id);
+                $images[] = Image::by_id(int_escape($id));
             }
 
             $this->theme->view_popular($images, $dte);