authorJoas Schilling <nickvergessen@gmx.de>2013-01-22 15:46:48 +0100
committerJoas Schilling <nickvergessen@gmx.de>2013-01-22 15:46:48 +0100
commitffde887aadfcb9d3db2c42cf09e22745e5d62430 (patch)
treeccfe6b90875a3353f7b9a0f18235e0c8ff53028e
parentc0ab3f3ddddefa8f902ffa57c864e6db5bf1f440 (diff)
[ticket/10714] Cast values to integer before using them in the query
PHPBB3-10714
-rw-r--r--phpBB/includes/log/log.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/phpBB/includes/log/log.php b/phpBB/includes/log/log.php
index 33c558695c..841612f7bd 100644
--- a/phpBB/includes/log/log.php
+++ b/phpBB/includes/log/log.php
@@ -408,10 +408,10 @@ class phpbb_log implements phpbb_log_interface
if ($count_logs)
{
$sql = 'SELECT COUNT(l.log_id) AS total_entries
- FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
- WHERE l.log_type = $log_type
+ FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . ' u
+ WHERE l.log_type = ' . (int) $log_type . '
AND l.user_id = u.user_id
- AND l.log_time >= $log_time
+ AND l.log_time >= ' . (int) $log_time . "
$sql_keywords
$sql_additional";
$result = $this->db->sql_query($sql);
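Review bot: The `(int)` cast is applied at each point of use in this count query rather than once, so any other statement in the method that reads `$log_type` or `$log_time` still sees the raw value. Normalising both before the first query, e.g. `$log_type = (int) $log_type;` and `$log_time = (int) $log_time;`, would cover this query, the second SELECT in the next hunk and any query added later. `$sql_keywords` and `$sql_additional` are still interpolated into the double-quoted tail; they are built outside this hunk, so it is worth confirming they are escaped where they are assembled. The enclosing method starts and ends outside the hunk.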
@@ -433,10 +433,10 @@ class phpbb_log implements phpbb_log_interface
}
$sql = 'SELECT l.*, u.username, u.username_clean, u.user_colour
- FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
- WHERE l.log_type = $log_type
+ FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . ' u
+ WHERE l.log_type = ' . (int) $log_type . '
AND u.user_id = l.user_id
- " . (($log_time) ? "AND l.log_time >= $log_time" : '') . "
+ ' . (($log_time) ? 'AND l.log_time >= ' . (int) $log_time : '') . "
$sql_keywords
$sql_additional
ORDER BY $sort_by";
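Review bot: `ORDER BY $sort_by` is still concatenated into the statement unchanged, and neither an integer cast nor string escaping can protect an ORDER BY expression. `$sort_by` is assigned outside this hunk, so it may already be constrained; if a caller can influence it, it should be matched against a fixed list of permitted sort expressions before it reaches the query. Separately, the ternary tests the uncast `$log_time`, so a truthy non-numeric value emits `AND l.log_time >= 0`; testing the cast value, `(((int) $log_time) ? 'AND l.log_time >= ' . (int) $log_time : '')`, keeps the condition and the emitted SQL consistent.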