From 2408cc5c69209350a350246e260de494720eb773 Mon Sep 17 00:00:00 2001
From: brettp
Date: Mon, 18 Apr 2011 18:47:17 +0000
Subject: Fixes #2046. Applied Franz' patch for sanitize_int().
git-svn-id: http://code.elgg.org/elgg/trunk@9004 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/database.php | 21 +++++++++++++++------
 engine/lib/entities.php | 2 +-
 engine/lib/metastrings.php | 4 ++--
 engine/lib/river.php | 4 ++--
 4 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/engine/lib/database.php b/engine/lib/database.php
index a9c4017a0..6b1b494b9 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -680,22 +680,31 @@ function sanitize_string($string) {
  * Sanitises an integer for database use.
  *
  * @param int $int Integer
- *
+ * @param bool[optional] $signed Whether negative values should be allowed (true)
  * @return int Sanitised integer
  */
-function sanitise_int($int) {
+function sanitise_int($int, $signed = true) {
+	$int = (int) $int;
+
+	if ($signed === false) {
+		if ($int < 0) {
+			$int = 0;
+		}
+	}
+
 	return (int) $int;
 }
 
 /**
- * Wrapper function for alternate English spelling
+ * Sanitises an integer for database use.
+ * Wrapper function for alternate English spelling (@see sanitise_int)
  *
  * @param int $int Integer
- *
+ * @param bool[optional] $signed Whether negative values should be allowed (true)
  * @return int Sanitised integer
  */
-function sanitize_int($int) {
-	return (int) $int;
+function sanitize_int($int, $signed = true) {
+	return sanitise_int($int, $signed);
 }
 
 /**
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 685c68a5b..cb197b569 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -922,7 +922,7 @@ function elgg_get_entities(array $options = array()) {
 
 	if ($options['limit']) {
 		$limit = sanitise_int($options['limit']);
-		$offset = sanitise_int($options['offset']);
+		$offset = sanitise_int($options['offset'], false);
 		$query .= " LIMIT $offset, $limit";
 	}
 
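Review bot: The return statement `return (int) $int;` re-casts a value that the new first line `$int = (int) $int;` has already cast, and the two nested `if`s in sanitise_int collapse into one guard: `if ($signed === false && $int < 0) { $int = 0; }`. Because the check is a strict `=== false`, only a literal bool disables negatives; a caller passing `0` or `null` for `$signed` still gets negative values through, so either document that or use `!$signed`. The docblock should also say that the cast maps non-numeric input to 0 and truncates floats instead of rejecting them, since callers interpolate the result straight into SQL and `@param int $int` reads as if the value were already validated. sanitise_int and the sanitize_int wrapper both lie fully inside the hunk; the closing `/**` opens a docblock that continues outside it.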
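Review bot: Only `$offset` gets the new unsigned clamp here while `$limit` on the line above is still `sanitise_int($options['limit'])`, so a negative limit passes the `if ($options['limit'])` truthiness test and lands in `$query .= " LIMIT $offset, $limit";` as something like `LIMIT 0, -5`, which MySQL does not accept. Giving limit the same treatment as offset, `$limit = sanitise_int($options['limit'], false);`, keeps the whole LIMIT clause well-formed for any option value. elgg_get_entities starts and ends outside the hunk, so whether a caller-side check on limit already exists cannot be confirmed from here.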
diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php
index 604c7f765..655617ac6 100644
--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -319,7 +319,7 @@ function elgg_get_metastring_based_objects($options) {
 'metastring_owner_guid', 'metastring_id', 'select', 'where', 'join' ); - + $options = elgg_normalise_plural_options_array($options, $singulars); if (!$options) {
@@ -456,7 +456,7 @@ function elgg_get_metastring_based_objects($options) {
 
 	if ($options['limit']) {
 		$limit = sanitise_int($options['limit']);
-		$offset = sanitise_int($options['offset']);
+		$offset = sanitise_int($options['offset'], false);
 		$query .= " LIMIT $offset, $limit";
 	}
 
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 55d1c783a..80f285e50 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -302,7 +302,7 @@ function elgg_get_river(array $options = array()) {
 
 	if ($options['limit']) {
 		$limit = sanitise_int($options['limit']);
-		$offset = sanitise_int($options['offset']);
+		$offset = sanitise_int($options['offset'], false);
 		$query .= " LIMIT $offset, $limit";
 	}
 
@@ -375,7 +375,7 @@ function elgg_row_to_elgg_river_item($row) {
 function elgg_river_get_access_sql() { // rewrite default access where clause to work with river table return str_replace("and enabled='yes'", '', - str_replace('owner_guid', 'rv.subject_guid', + str_replace('owner_guid', 'rv.subject_guid', str_replace('access_id', 'rv.access_id', get_access_sql_suffix()))); }
-- 
cgit v1.2.3
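Review bot: In the second metastrings hunk `$limit = sanitise_int($options['limit']);` is left signed while the line below now clamps `$offset`, so a negative limit still reaches `$query .= " LIMIT $offset, $limit";` and produces an invalid LIMIT clause. Use `$limit = sanitise_int($options['limit'], false);` so both halves of the clause are bounded the same way. elgg_get_metastring_based_objects starts and ends outside the hunk.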
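Review bot: The elgg_get_river hunk has the same gap as the entities and metastrings ones: `$limit = sanitise_int($options['limit']);` keeps its sign, so a negative limit survives the `if ($options['limit'])` check and is interpolated into `" LIMIT $offset, $limit"` unbounded. Changing it to `$limit = sanitise_int($options['limit'], false);` matches the offset line the commit adds. elgg_get_river continues on both sides of the hunk.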