mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #47 from silverstripe-security/patch/3.5/SS-2017-008
[SS-2017-008] FIX Make sure int params are successfully cast to int
commit
a8465900bd
@ -105,10 +105,14 @@ class MySQLDatabase extends SS_Database {
|
|||||||
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC",
|
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC",
|
||||||
$extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false
|
$extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false
|
||||||
) {
|
) {
|
||||||
if (!class_exists('SiteTree'))
|
if (!class_exists('SiteTree')) {
|
||||||
throw new Exception('MySQLDatabase->searchEngine() requires "SiteTree" class');
|
throw new Exception('MySQLDatabase->searchEngine() requires "SiteTree" class');
|
||||||
if (!class_exists('File'))
|
}
|
||||||
|
if (!class_exists('File')) {
|
||||||
throw new Exception('MySQLDatabase->searchEngine() requires "File" class');
|
throw new Exception('MySQLDatabase->searchEngine() requires "File" class');
|
||||||
|
}
|
||||||
|
$start = (int)$start;
|
||||||
|
$pageLength = (int)$pageLength;
|
||||||
|
|
||||||
$keywords = $this->escapeString($keywords);
|
$keywords = $this->escapeString($keywords);
|
||||||
$htmlEntityKeywords = htmlentities($keywords, ENT_NOQUOTES, 'UTF-8');
|
$htmlEntityKeywords = htmlentities($keywords, ENT_NOQUOTES, 'UTF-8');
|
||||||
@ -134,7 +138,7 @@ class MySQLDatabase extends SS_Database {
|
|||||||
if (array_key_exists('ShowInSearch', $fields))
|
if (array_key_exists('ShowInSearch', $fields))
|
||||||
$extraFilters['File'] .= " AND ShowInSearch <> 0";
|
$extraFilters['File'] .= " AND ShowInSearch <> 0";
|
||||||
|
|
||||||
$limit = $start . ", " . (int) $pageLength;
|
$limit = $start . ", " . $pageLength;
|
||||||
|
|
||||||
$notMatch = $invertedMatch
|
$notMatch = $invertedMatch
|
||||||
? "NOT "
|
? "NOT "
|
||||||
|
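Review bot: The `(int)` casts on `$start` and `$pageLength` keep non-numeric text out of the `LIMIT` string built in the second hunk, but negative values still pass through; as far as I know MySQL rejects a negative LIMIT argument, so a negative start or page length would surface as a query error rather than an empty or first page. Clamping at the cast would close that: `$start = max(0, (int)$start);` and `$pageLength = max(0, (int)$pageLength);`. The casts now sit roughly thirty lines above the concatenation they protect, so a short comment such as `// Cast before use: both values are concatenated unquoted into the LIMIT clause below` would keep a later refactor from dropping them. `searchEngine()` continues outside both hunks, so whether `$sortBy`, `$extraFilter` and `$alternativeFileFilter` reach the query unescaped cannot be judged from the lines shown here.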