From 9729fa9a3e6fbc559156ccd2b83b64b73e4b0194 Mon Sep 17 00:00:00 2001
From: Fyorl <gaelreth@gmail.com>
Date: Tue, 14 Aug 2012 14:43:36 +0100
Subject: [feature/attach-dl] Cast variables to int

PHPBB3-11042
---
 phpBB/includes/functions_download.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'phpBB/includes/functions_download.php')

diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index ed2f598429..0be12aa617 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -689,9 +689,9 @@ function phpbb_download_check_pm_auth($db, $user_id, $msg_id)
 	// Check if the attachment is within the users scope...
 	$sql = 'SELECT user_id, author_id
 		FROM ' . PRIVMSGS_TO_TABLE . '
-		WHERE msg_id = ' . $msg_id . "
-			AND user_id = $user_id
-			OR author_id = $user_id";
+		WHERE msg_id = ' . (int) $msg_id . '
+			AND user_id = ' . (int) $user_id . '
+			OR author_id = ' . (int) $user_id;
 	$result = $db->sql_query_limit($sql, 1);
 	$allowed = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
-- 
cgit v1.2.1