changeset 579:6e727ab07c98

Sanitize argument from cgi with numericalize()
author HIROSE Yuuji <yuuji@gentei.org>
date Sat, 15 Jun 2019 14:33:39 +0900
parents c064c7d357dc
children a9faeb10a33b
files s4-blog.sh
diffstat 1 files changed, 6 insertions(+), 5 deletions(-) [+]
--- a/s4-blog.sh	Sat Jun 15 14:32:50 2019 +0900
+++ b/s4-blog.sh	Sat Jun 15 14:33:39 2019 +0900
@@ -649,7 +649,8 @@
 }
 gethandout() {
   # $1=rowid of blog
-  blog_writable $1 $user
+  rid=`numericalize "$1"`
+  blog_writable $rid $user
   rc=$?		# =0: writable, $BLOG_NOTMEM bit set => not member
   if [ $((rc & $BLOG_NOTMEM)) -gt 0 ] ; then
     echo "メンバー以外は利用できません。" | html p; return
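Review bot: The new `rid` is handed to `blog_writable` without an empty check, so if numericalize yields nothing for a non-numeric `$1` the call degrades to `blog_writable $user` with the arguments shifted by one, and the membership bit test below is then evaluated against the wrong lookup. A guard immediately after the assignment, `[ -n "$rid" ] || { echo "invalid blog id" | html p; return; }`, rejects the bad request up front; I am assuming numericalize emits an empty string for non-numeric input, since its definition is not in view. Note also that `rid` is assigned as a global (this file does not use `local`), so it overwrites any `rid` the caller holds. gethandout's body continues past this hunk.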
@@ -658,7 +659,7 @@
   bd=$tmpd/archive.$$
   mkdir $bd
   query "select m.rowid,author,m.val from article a join article_m m\
-	 on a.id=m.id where blogid=(select id from blog where rowid=$1)\
+	 on a.id=m.id where blogid=(select id from blog where rowid=$rid)\
 	 and m.key in ('image', 'document', 'binary');" \
       | while IFS='|' read rowid author filename; do
 	  err isfilereadable $user article_m $rowid
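Review bot: `rowid=$rid` on the rebuilt query line is still plain string splicing into SQL; it is safe only because numericalize is trusted to emit digits or nothing, and nothing before this point rejects the empty case, which would leave the statement ending in `rowid=)` after `mkdir $bd` has already created the archive directory. A comment on the query line recording that contract, `# $rid is numericalize()d above: digits only, safe to splice into SQL`, makes the dependency visible to the next editor, and an empty-string check belongs before the `mkdir`. The enclosing gethandout body starts and ends outside this hunk.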
@@ -986,7 +987,7 @@
 
 blog_addentry() {
   # $1=GRPname(if it is a group)
-  grprowid=$1
+  grprowid=`numericalize $1`
   rowid=`getpar rowid`
   ## err blog_addentry0: rowid=$rowid
   if [ -n "$grprowid" ]; then
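Review bot: `numericalize $1` is unquoted here whereas gethandout writes `numericalize "$1"`; with an empty `$1` the helper receives no argument instead of an empty one, so the line should read `grprowid=`numericalize "$1"``. The header comment `# $1=GRPname(if it is a group)` also no longer matches the code: if callers really pass a group name, numericalize presumably reduces it to an empty string and the `if [ -n "$grprowid" ]` branch is silently skipped, so this is worth confirming against the call sites in s4.cgi and, if the argument is in fact a rowid, changing the comment to `# $1=group rowid (if posting to a group)`. blog_addentry continues past this hunk.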
@@ -994,7 +995,7 @@
   else
     owner=`getpar owner`
   fi
-  err blog-add: \$1=$1 rowid=$rowid owner=$owner
+  err blog-add: \$1=$grprowid rowid=$rowid owner=$owner
   if isgroup "$owner"; then
     groupmode=1 listing=$owner guide="[${owner}]" GF_OWNER=$owner
   else
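Review bot: The debug line now records only the sanitized value, so a request arriving with a tampered `$1` appears in the log as a bare `$1=` with no trace of what was actually sent, which is exactly the case an operator would want to see. Logging both is cheap: `err blog-add: \$1="$1" grprowid=$grprowid rowid=$rowid owner=$owner`, on the assumption that `err` writes to a server-side log rather than back to the client. The `err` helper and the rest of blog_addentry are outside this hunk.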
@@ -1047,7 +1048,7 @@
 }
 
 blog_reply() {		# Posting to blog article
-  rowid=$1
+  rowid=`numericalize $1`	# Ensure (already purified in s4.cgi)
 
   if [ -z "$rowid" ]; then
     echo "表示する日記番号が未指定です。" | html p
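Review bot: Same quoting point as in gethandout: `numericalize $1` should be `numericalize "$1"`, otherwise an empty `$1` reaches the helper as no argument at all, and whether that still produces an empty `rowid` for the `-z` check below depends on numericalize's definition, which is not in view. The trailing comment would also be clearer about why the value is re-checked: `rowid=`numericalize "$1"`	# defence in depth: s4.cgi already numericalizes, re-check locally`. blog_reply continues past this hunk.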
