authorGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-05-24 20:46:56 +0000
committerGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-05-24 20:46:56 +0000
commit369c776c4c7a4187a075fafd429e515ba6325e97 (patch)
treef5a2001f3c9f1829f615472a8c6db76f69c6a643
parentc08eafe0eee16f3838070910b19122f77c293096 (diff)
SQL abstraction layer improvement.
-rw-r--r--CHANGELOG.txt1
-rw-r--r--includes/database.mysql.inc2
-rw-r--r--includes/database.mysqli.inc2
-rw-r--r--includes/database.pgsql.inc2
4 files changed, 4 insertions, 3 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index e7e8d488a..94b65d7b8 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -5,6 +5,7 @@ Drupal x.x.x, xxxx-xx-xx (development version)
* improved configurability of the contact forms.
- distributed authentication:
* added default server option.
+- fixed critical SQL issue, see SA-2006-005
Drupal 4.7.0, 2006-05-01
------------------------
diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc
index 037106b0a..18b2ca772 100644
--- a/includes/database.mysql.inc
+++ b/includes/database.mysql.inc
@@ -265,7 +265,7 @@ function db_query_range($query) {
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- $query .= ' LIMIT '. $from .', '. $count;
+ $query .= ' LIMIT '. (int)$from .', '. (int)$count;
return _db_query($query);
}
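Review bot: The `(int)` casts on the `LIMIT` line keep arbitrary text out of the clause, but a negative or non-numeric `$from`/`$count` still goes through as a negative number or a silent 0, so the query will most likely fail or return nothing without the caller learning why; the matching lines in the mysqli and pgsql hunks have the same gap. Both values are appended after `preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query)` has run, so they never pass through the placeholder handling, and that deserves a comment where the string is built: `// $from and $count bypass _db_query_callback(); they must be integers here.` Consider casting once where the two values are taken from the arguments and clamping them, e.g. `$count = max(0, (int) $count);`, so later edits to this function cannot reuse the raw values. The start of `db_query_range()` is outside the hunk, so I cannot see whether any range check already exists there.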
diff --git a/includes/database.mysqli.inc b/includes/database.mysqli.inc
index 97a4daf2a..0bbe3fea4 100644
--- a/includes/database.mysqli.inc
+++ b/includes/database.mysqli.inc
@@ -267,7 +267,7 @@ function db_query_range($query) {
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- $query .= ' LIMIT '. $from .', '. $count;
+ $query .= ' LIMIT '. (int)$from .', '. (int)$count;
return _db_query($query);
}
diff --git a/includes/database.pgsql.inc b/includes/database.pgsql.inc
index dc8d081db..cefc82a07 100644
--- a/includes/database.pgsql.inc
+++ b/includes/database.pgsql.inc
@@ -241,7 +241,7 @@ function db_query_range($query) {
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- $query .= ' LIMIT '. $count .' OFFSET '. $from;
+ $query .= ' LIMIT '. (int)$count .' OFFSET '. (int)$from;
return _db_query($query);
}