Merge pull request #1 from silverstripe-security/patch/1/SS-2017-008

[SS-2017-008] Fix SQL injection in search engine
This commit is contained in:
Damian Mooyman 2017-12-07 15:58:57 +13:00 committed by GitHub
commit aa21b10005
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -197,6 +197,8 @@ class MSSQLDatabase extends SS_Database
*/
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false)
{
$start = (int)$start;
$pageLength = (int)$pageLength;
if (isset($objects)) {
$results = new ArrayList($objects);
} else {