From ee356b1ad75a0bd5ca90ad72d504daefd5fa76f8 Mon Sep 17 00:00:00 2001
From: Daniel Hensby <dhensby@silverstripe.com>
Date: Tue, 21 Nov 2017 15:34:59 +0000
Subject: [PATCH] [SS-2017-008] Fix SQL injection in search engine

---
 code/PostgreSQLDatabase.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/code/PostgreSQLDatabase.php b/code/PostgreSQLDatabase.php
index b5a2508..734a994 100644
--- a/code/PostgreSQLDatabase.php
+++ b/code/PostgreSQLDatabase.php
@@ -261,6 +261,9 @@ class PostgreSQLDatabase extends SS_Database {
 	 * @return object DataObjectSet of result pages
 	 */
 	public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "ts_rank DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) {
+		$start = (int)$start;
+		$pageLength = (int)$pageLength;
+
 		//Fix the keywords to be ts_query compatitble:
 		//Spaces must have pipes
 		//@TODO: properly handle boolean operators here.