From 7e0b0f477355b7f16a609fba099b422cbd3d381f Mon Sep 17 00:00:00 2001
From: laf
Date: Tue, 24 Jun 2014 16:14:42 +0100
Subject: [PATCH 1/2] Created validate_device_id() function
---
 includes/functions.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/includes/functions.php b/includes/functions.php
index 4ab9d9d832..8b6352ffa4 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -916,4 +916,19 @@ function scan_new_plugins()
 }
 
 
+function validate_device_id($id)
+{
+
+ global $config;
+ $device_id = dbFetchCell("SELECT `device_id` FROM `devices` WHERE `device_id` = ?", array($id));
+ if($device_id == $id)
+ {
+ $return = true;
+ }
+ else
+ {
+ $return = false;
+ }
+ return($return);
+}
 ?>
From 78ecb752303c0793152d68d75b115f8a1f64f9df Mon Sep 17 00:00:00 2001
From: laf
Date: Thu, 26 Jun 2014 00:33:00 +0100
Subject: [PATCH 2/2] Added null check for $id
---
 includes/functions.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/includes/functions.php b/includes/functions.php
index 8b6352ffa4..20fa4b7a8b 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -920,14 +920,21 @@ function validate_device_id($id)
 {
 
 global $config;
- $device_id = dbFetchCell("SELECT `device_id` FROM `devices` WHERE `device_id` = ?", array($id));
- if($device_id == $id)
+ if(empty($id) || !is_numeric($id))
 {
- $return = true;
+ $return = false;
 }
 else
 {
- $return = false;
+ $device_id = dbFetchCell("SELECT `device_id` FROM `devices` WHERE `device_id` = ?", array($id));
+ if($device_id == $id)
+ {
+ $return = true;
+ }
+ else
+ {
+ $return = false;
+ }
 }
 return($return);
 }
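Review bot: In the `@@ -916,4 +916,19 @@` hunk of patch 1/2, `validate_device_id()` declares `global $config;` but nothing in the visible body reads `$config`, so the line can be dropped. The function is a validation helper that callers will rely on, yet it has no doc comment stating its contract; I would add `/** Returns true when a row with this device_id exists in the devices table, false otherwise. */` above the signature. The `if`/`else` that only assigns `$return` could also be written as a single `return` of the comparison.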
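Review bot: In the `@@ -920,14 +920,21 @@` hunk of patch 2/2, `is_numeric($id)` accepts more than plain integer ids: values such as `1.0`, `1e1` or a string with leading whitespace pass the guard. The later `$device_id == $id` is a loose comparison that compares numeric strings by value. If the database coerces the bound parameter to a number (not visible here, so this is inferred), such a value can be reported as valid, and a caller that treats a validated `$id` as a safe integer would carry the non-canonical string forward. I would tighten the guard to `if(empty($id) || !ctype_digit((string)$id))` and compare with `(string)$device_id === (string)$id`, so that only decimal digit strings are accepted.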