aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-04-18 18:47:17 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-04-18 18:47:17 +0000
commit2408cc5c69209350a350246e260de494720eb773 (patch)
tree50f278b2a70d4c5a850a32a6349083deed760341
parente18e17ef647e7faf4563bb8ce77ffe448bc929cb (diff)
downloadelgg-2408cc5c69209350a350246e260de494720eb773.tar.gz
elgg-2408cc5c69209350a350246e260de494720eb773.tar.bz2
Fixes #2046. Applied Franz' patch for sanitize_int().
git-svn-id: http://code.elgg.org/elgg/trunk@9004 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/database.php21
-rw-r--r--engine/lib/entities.php2
-rw-r--r--engine/lib/metastrings.php4
-rw-r--r--engine/lib/river.php4
4 files changed, 20 insertions, 11 deletions
diff --git a/engine/lib/database.php b/engine/lib/database.php
index a9c4017a0..6b1b494b9 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -680,22 +680,31 @@ function sanitize_string($string) {
* Sanitises an integer for database use.
*
* @param int $int Integer
- *
+ * @param bool[optional] $signed Whether negative values should be allowed (true)
* @return int Sanitised integer
*/
-function sanitise_int($int) {
+function sanitise_int($int, $signed = true) {
+ $int = (int) $int;
+
+ if ($signed === false) {
+ if ($int < 0) {
+ $int = 0;
+ }
+ }
+
return (int) $int;
}
/**
- * Wrapper function for alternate English spelling
+ * Sanitises an integer for database use.
+ * Wrapper function for alternate English spelling (@see sanitise_int)
*
* @param int $int Integer
- *
+ * @param bool[optional] $signed Whether negative values should be allowed (true)
* @return int Sanitised integer
*/
-function sanitize_int($int) {
- return (int) $int;
+function sanitize_int($int, $signed = true) {
+ return sanitise_int($int, $signed);
}
/**
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 685c68a5b..cb197b569 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -922,7 +922,7 @@ function elgg_get_entities(array $options = array()) {
if ($options['limit']) {
$limit = sanitise_int($options['limit']);
- $offset = sanitise_int($options['offset']);
+ $offset = sanitise_int($options['offset'], false);
$query .= " LIMIT $offset, $limit";
}
diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php
index 604c7f765..655617ac6 100644
--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -319,7 +319,7 @@ function elgg_get_metastring_based_objects($options) {
'metastring_owner_guid', 'metastring_id',
'select', 'where', 'join'
);
-
+
$options = elgg_normalise_plural_options_array($options, $singulars);
if (!$options) {
@@ -456,7 +456,7 @@ function elgg_get_metastring_based_objects($options) {
if ($options['limit']) {
$limit = sanitise_int($options['limit']);
- $offset = sanitise_int($options['offset']);
+ $offset = sanitise_int($options['offset'], false);
$query .= " LIMIT $offset, $limit";
}
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 55d1c783a..80f285e50 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -302,7 +302,7 @@ function elgg_get_river(array $options = array()) {
if ($options['limit']) {
$limit = sanitise_int($options['limit']);
- $offset = sanitise_int($options['offset']);
+ $offset = sanitise_int($options['offset'], false);
$query .= " LIMIT $offset, $limit";
}
@@ -375,7 +375,7 @@ function elgg_row_to_elgg_river_item($row) {
function elgg_river_get_access_sql() {
// rewrite default access where clause to work with river table
return str_replace("and enabled='yes'", '',
- str_replace('owner_guid', 'rv.subject_guid',
+ str_replace('owner_guid', 'rv.subject_guid',
str_replace('access_id', 'rv.access_id', get_access_sql_suffix())));
}