| author | Dave Paul <dave.paul@jadu.net> | 2018-03-06 15:40:29 +0000 |
|---|---|---|
| committer | Damien Regad <dregad@mantisbt.org> | 2018-03-30 02:24:54 +0200 |
| commit | d29c23f2264ec95c6d3851e0f51ce240b2f36b74 (patch) | |
| tree | 38c7f723c0fcf78214ab1f65cc940858d4355e6d /drivers/adodb-borland_ibase.inc.php | |
| parent | 34788ce8c1d08500631f55764cc2247b9c7cfd2b (diff) | |
Fix potential SQL injection in SelectLimit()

The `SelectLimit` function has a potential SQL injection vulnerability
through the use of the `nrows` and `offset` parameters which are not
forced to integers.

This is a follow-up on #311, and fixes all remaining drivers that do not
use ADOConnection::SelectLimit().

Fixes #401

Signed-off-by: Damien Regad <dregad@mantisbt.org>

Original commits squashed, message reworded. Fixed whitespace.

Diffstat (limited to 'drivers/adodb-borland_ibase.inc.php')
| -rw-r--r-- | drivers/adodb-borland_ibase.inc.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/adodb-borland_ibase.inc.php b/drivers/adodb-borland_ibase.inc.php index 05fb4607..70c30fbb 100644 --- a/drivers/adodb-borland_ibase.inc.php +++ b/drivers/adodb-borland_ibase.inc.php @@ -53,6 +53,8 @@ class ADODB_borland_ibase extends ADODB_ibase { // SELECT FIRST 5 SKIP 2 col1, col2 FROM TABLE function SelectLimit($sql,$nrows=-1,$offset=-1,$inputarr=false,$secs2cache=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; if ($nrows > 0) { if ($offset <= 0) $str = " ROWS $nrows "; else { |
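Review bot: the two `(int)` casts added at the top of `SelectLimit()` have no comment saying why they are there, and they are the only thing between caller-supplied `$nrows`/`$offset` and the interpolated `" ROWS $nrows "` string, so a later cleanup could remove them as redundant. Suggest a one-line comment above them, for example "force integers: both values are interpolated into the SQL below". The cast also coerces silently instead of rejecting: a non-numeric string becomes 0 or its leading digits, so a malformed `$nrows` can simply fail the `$nrows > 0` test without any error reaching the caller. If that fallback is intended, it is worth stating in the function's documentation; if not, validate and fail explicitly before the cast.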
