- Patch #811776 by Heine: regresssion of SA-2006-005 - SQL Injection via db_query_range().

author: Dries Buytaert <dries@buytaert.net> 2010-06-01 09:24:09 +0000
committer: Dries Buytaert <dries@buytaert.net> 2010-06-01 09:24:09 +0000
commit: d297ac7464fd8a307910052d7e391ae6588f9451 (patch)
tree: 632707373dcd1f6f598348036985a94d207d6d4d /includes/database/pgsql
parent: cf822bd236e119b62ea31159588f0d03d2aa79bf (diff)
download: brdo-d297ac7464fd8a307910052d7e391ae6588f9451.tar.gz
brdo-d297ac7464fd8a307910052d7e391ae6588f9451.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/database/pgsql/database.inc b/includes/database/pgsql/database.inc
index 35179e855..2aff55b87 100644
--- a/includes/database/pgsql/database.inc
+++ b/includes/database/pgsql/database.inc
@@ -106,7 +106,7 @@ class DatabaseConnection_pgsql extends DatabaseConnection {
   }
 
   public function queryRange($query, $from, $count, array $args = array(), array $options = array()) {
-    return $this->query($query . ' LIMIT ' . $count . ' OFFSET ' . $from, $args, $options);
+    return $this->query($query . ' LIMIT ' . (int) $count . ' OFFSET ' . (int) $from, $args, $options);
   }
 
   public function queryTemporary($query, array $args = array(), array $options = array()) {
author	Dries Buytaert <dries@buytaert.net>	2010-06-01 09:24:09 +0000
committer	Dries Buytaert <dries@buytaert.net>	2010-06-01 09:24:09 +0000
commit	d297ac7464fd8a307910052d7e391ae6588f9451 (patch)
tree	632707373dcd1f6f598348036985a94d207d6d4d /includes/database/pgsql
parent	cf822bd236e119b62ea31159588f0d03d2aa79bf (diff)
download	brdo-d297ac7464fd8a307910052d7e391ae6588f9451.tar.gz brdo-d297ac7464fd8a307910052d7e391ae6588f9451.tar.bz2