simon_w: #2122 - Bug in PageComments class (Security)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@47930 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Andrew O'Neil 2008-01-13 20:06:35 +00:00
parent 033f55f5c1
commit 2259c8f6d9

View File

@ -182,8 +182,9 @@ class PageComment extends DataObject {
$this->Parent()->Title
);
}
function rss() {
$parentcheck = isset($_REQUEST['pageid']) ? "ParentID = {$_REQUEST['pageid']}" : "ParentID > 0";
$parentcheck = isset($_REQUEST['pageid']) ? "ParentID = " . (int) $_REQUEST['pageid'] : "ParentID > 0";
$comments = DataObject::get("PageComment", "$parentcheck AND IsSpam=0", "Created DESC", "", 10);
if(!isset($comments)) {
$comments = new DataObjectSet();