Merged 2.1.1-sportswgtn (SQL injection fix)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.1@58991 467b73ca-7a2a-4603-9d3b-597d59a354a9

code/sitefeatures/PageComment.php

@@ -163,7 +163,7 @@ class PageComment extends DataObject {
 		return "Comment by '". Convert::raw2xml($this->Name) . "' on " . $this->Parent()->Title;
 	}
 	function rss() {
-		$parentcheck = isset($_REQUEST['pageid']) ? "ParentID = {$_REQUEST['pageid']}" : "ParentID > 0";
+		$parentcheck = isset($_REQUEST['pageid']) ? "ParentID = " . (int) $_REQUEST['pageid'] : "ParentID > 0";
 		$comments = DataObject::get("PageComment", "$parentcheck AND IsSpam=0", "Created DESC", "", 10);
 		if(!isset($comments)) {
 			$comments = new DataObjectSet();
@@ -187,4 +187,4 @@ class PageComment extends DataObject {
 	}
 }
 
-?>
+?>