tonyair/silverstripe-cms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-cms synced 2024-06-26 14:39:27 +02:00
Code Issues Projects Releases Wiki Activity

simon_w: #2122 - Bug in PageComments class (Security)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@47930 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Andrew O'Neil 2008-01-13 20:06:35 +00:00
parent 033f55f5c1
commit 2259c8f6d9
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
code/sitefeatures/PageComment.php
View File

@ -182,8 +182,9 @@ class PageComment extends DataObject {
$this->Parent()->Title
);
}
function rss() {
$parentcheck = isset($_REQUEST['pageid']) ? "ParentID = {$_REQUEST['pageid']}" : "ParentID > 0";
$parentcheck = isset($_REQUEST['pageid']) ? "ParentID = " . (int) $_REQUEST['pageid'] : "ParentID > 0";
$comments = DataObject::get("PageComment", "$parentcheck AND IsSpam=0", "Created DESC", "", 10);
if(!isset($comments)) {
$comments = new DataObjectSet();