From 4b1dfbc2fb3895c44e8d3b0d24f1e9b06d34b321 Mon Sep 17 00:00:00 2001
From: appchecker <appchecker@cnpo.ru>
Date: Mon, 11 Jul 2016 12:56:05 +0300
Subject: [PATCH] replace intval with GETPOST

---
 htdocs/admin/menus/edit.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php
index 47d77e380c6..de8a299cece 100644
--- a/htdocs/admin/menus/edit.php
+++ b/htdocs/admin/menus/edit.php
@@ -243,7 +243,7 @@ if ($action == 'confirm_delete' && $_POST["confirm"] == 'yes')
 {
     $this->db->begin();
 
-    $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".intval($_GET['menuId']);
+    $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".GETPOST('menuId', 'int');
     $db->query($sql);
 
     if ($result == 0)
@@ -312,7 +312,7 @@ if ($action == 'create')
     $parent_rowid = $_GET['menuId'];
     if ($_GET['menuId'])
     {
-        $sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".intval($_GET['menuId']);
+        $sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".GETPOST('menuId', 'int');
         $res  = $db->query($sql);
         if ($res)
         {