-rw-r--r--CHANGELOG.txt1
-rw-r--r--includes/database.mysql.inc2
-rw-r--r--includes/database.mysqli.inc2
-rw-r--r--includes/database.pgsql.inc2
4 files changed, 4 insertions, 3 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index e7e8d488a..94b65d7b8 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -5,6 +5,7 @@ Drupal x.x.x, xxxx-xx-xx (development version)
* improved configurability of the contact forms.
- distributed authentication:
* added default server option.
+- fixed critical SQL issue, see SA-2006-005
Drupal 4.7.0, 2006-05-01
------------------------
diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc
index 037106b0a..18b2ca772 100644
--- a/includes/database.mysql.inc
+++ b/includes/database.mysql.inc
@@ -265,7 +265,7 @@ function db_query_range($query) {
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- $query .= ' LIMIT '. $from .', '. $count;
+ $query .= ' LIMIT '. (int)$from .', '. (int)$count;
return _db_query($query);
}
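Review bot: The `(int)` casts on the LIMIT line keep non-numeric text out of the query, but a negative value still passes through and yields a clause such as `LIMIT -1, 10`, which the database will most likely reject with an error instead of returning rows. Clamping at the same place keeps the clause well-formed: `$query .= ' LIMIT '. max(0, (int)$from) .', '. max(0, (int)$count);`. The same applies to the identical line in includes/database.mysqli.inc and to the `LIMIT ... OFFSET` line in includes/database.pgsql.inc. A short comment such as `// $from and $count are concatenated, not substituted by _db_query_callback, so force integers (SA-2006-005).` would stop the casts being removed in a later cleanup. The assignment of $from and $count lies outside this hunk, so whether callers can actually pass negative values needs confirming.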
diff --git a/includes/database.mysqli.inc b/includes/database.mysqli.inc
index 97a4daf2a..0bbe3fea4 100644
--- a/includes/database.mysqli.inc
+++ b/includes/database.mysqli.inc
@@ -267,7 +267,7 @@ function db_query_range($query) {
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- $query .= ' LIMIT '. $from .', '. $count;
+ $query .= ' LIMIT '. (int)$from .', '. (int)$count;
return _db_query($query);
}
diff --git a/includes/database.pgsql.inc b/includes/database.pgsql.inc
index dc8d081db..cefc82a07 100644
--- a/includes/database.pgsql.inc
+++ b/includes/database.pgsql.inc
@@ -241,7 +241,7 @@ function db_query_range($query) {
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
- $query .= ' LIMIT '. $count .' OFFSET '. $from;
+ $query .= ' LIMIT '. (int)$count .' OFFSET '. (int)$from;
return _db_query($query);
}