From ada270c884cba88541c4956944e9d93c2fb69379 Mon Sep 17 00:00:00 2001
From: Daniel Hensby
Date: Wed, 22 Nov 2017 11:52:50 +0000
Subject: [PATCH] [SS-2017-008] Fix SQL injection in search engine
---
 code/MSSQLDatabase.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/code/MSSQLDatabase.php b/code/MSSQLDatabase.php
index 27bf4aa..f0bc736 100644
--- a/code/MSSQLDatabase.php
+++ b/code/MSSQLDatabase.php
@@ -197,6 +197,8 @@ class MSSQLDatabase extends SS_Database
 */
 public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false)
 {
+ $start = (int)$start;
+ $pageLength = (int)$pageLength;
 if (isset($objects)) {
 $results = new ArrayList($objects);
 } else {
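Review bot: The two added casts at the top of `searchEngine` keep non-numeric input out of the query, but `(int)` still lets negative values through, and a negative offset or page size is presumably not valid in the paging SQL built further down (that part of the body is outside the hunk). Clamping in the same place would close the gap: `$start = max(0, (int)$start);` and `$pageLength = max(0, (int)$pageLength);`. A short comment such as `// SS-2017-008: force integer paging values before they are used in the query` would also keep a later refactor from dropping the casts. The string parameters in the signature (`$sortBy`, `$extraFilter`, `$alternativeFileFilter`) are not touched by this change; whether they are escaped before use cannot be told from this hunk and is worth confirming.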