tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #47 from silverstripe-security/patch/3.5/SS-2017-008 

[SS-2017-008] FIX Make sure int params are successfull cast to int
This commit is contained in:
Damian Mooyman 2017-12-06 17:30:51 +13:00 committed by GitHub
parent d09c2d7b03 0f2049d4d4
commit a8465900bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
model/connect/MySQLDatabase.php
View File

@ -105,10 +105,14 @@ class MySQLDatabase extends SS_Database {
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC",
$extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false
) {
if (!class_exists('SiteTree'))
throw new Exception('MySQLDatabase->searchEngine() requires "SiteTree" class');
if (!class_exists('File'))
throw new Exception('MySQLDatabase->searchEngine() requires "File" class');
if (!class_exists('SiteTree')) {
throw new Exception('MySQLDatabase->searchEngine() requires "SiteTree" class');
}
if (!class_exists('File')) {
throw new Exception('MySQLDatabase->searchEngine() requires "File" class');
}
$start = (int)$start;
$pageLength = (int)$pageLength;
$keywords = $this->escapeString($keywords);
$htmlEntityKeywords = htmlentities($keywords, ENT_NOQUOTES, 'UTF-8');
@ -134,7 +138,7 @@ class MySQLDatabase extends SS_Database {
if (array_key_exists('ShowInSearch', $fields))
$extraFilters['File'] .= " AND ShowInSearch <> 0";
$limit = $start . ", " . (int) $pageLength;
$limit = $start . ", " . $pageLength;
$notMatch = $invertedMatch
? "NOT "