**Key Information Summary**: - **Commit Summary**: - Title: Security Fixes - Author: VINADES.JSC (authored and hoaquynhtim99 committed) - Commit Date: December 23, 2019 - **Affected Files**: - `detail.php` - `search_result.php` - **Main Code Changes**: - `detail.php`: - **Line 19**: - Fixed the logic for handling `$listid`, ensuring each element of `$listid` is converted to integer type. - **Line 93**: - Changed the handling of `$array_tmp[$row['field']]` from `unserialize($row['language'])` to direct assignment, preventing potential serialization-related attacks. - `search_result.php`: - **Line 41**: - Corrected the logic for handling `$group_price_i`, ensuring each price range is treated as integer type to prevent injection attacks. - **Key Fixes**: - Prevented security issues caused by improper input handling, such as SQL injection and serialization-related attacks. - Ensured variables are properly converted to expected types (e.g., integer) before use, mitigating vulnerabilities caused by type mismatches. ```markdown ### Key Information - **Author**: VINADES.JSC, hoaquynhtim99 - **Date**: 2019-12-23 - **Modified Files**: detail.php, search_result.php - **Fix Type**: Prevention of SQL Injection and Serialization Attacks