Merge pull request #1 from silverstripe-security/patch/1/SS-2017-008

[SS-2017-008] Fix SQL injection in search engine
2017-12-07 15:58:57 +13:00 · 2017-12-07 15:58:57 +13:00 · aa21b10005
parent 0f8c146e99 ada270c884
commit aa21b10005
1 changed files with 2 additions and 0 deletions
--- a/code/MSSQLDatabase.php
+++ b/code/MSSQLDatabase.php
@ -197,6 +197,8 @@ class MSSQLDatabase extends SS_Database
     */
    public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false)
    {
+        $start = (int)$start;
+        $pageLength = (int)$pageLength;
        if (isset($objects)) {
            $results = new ArrayList($objects);
        } else {