From: Yuri Astrakhan
Date: Mon, 1 May 2006 05:20:52 +0000 (+0000)
Subject: added isnumeric check to limitResult() to prevent a possible sql injection.
X-Git-Tag: 1.31.0-rc.0~57297
X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_aide%28?a=commitdiff_plain;h=1fa6bb29b54676b02b3a06400f80dd2e6b74fc56;p=lhc%2Fweb%2Fwiklou.git

added isnumeric check to limitResult() to prevent a possible sql injection.
---
diff --git a/includes/Database.php b/includes/Database.php
index 55d5f969bb..133f4a1ac0 100644
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -1386,7 +1386,12 @@ class Database {
 	 * $offset integer the SQL offset (default false)
 	 */
 	function limitResult($sql, $limit, $offset=false) {
-		return " $sql LIMIT ".((is_numeric($offset) && $offset != 0)?"{$offset},":"")."{$limit} ";
+		if( !is_numeric($limit) ) {
+			wfDie( "Invalid non-numeric limit passed to limitResult()\n" );
+		}
+		return " $sql LIMIT "
+			. ( (is_numeric($offset) && $offset != 0) ? "{$offset}," : "" )
+			. "{$limit} ";
 	}
 	function limitResultForUpdate($sql, $num) {
 		return $this->limitResult($sql, $num, 0);
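Review bot: The `is_numeric($limit)` guard added ahead of the return is broader than an integer check — it also accepts floats, exponent notation and strings with leading whitespace (and, on the PHP versions of this era, hex-style strings) — so a value that is not a plain integer can still be interpolated into the LIMIT clause, and `$offset` on the last added line is interpolated raw under the same `is_numeric` test. Casting after the guard pins both to plain integers: `$limit = intval( $limit );` and `$offset = intval( $offset );`, with the ternary then testing `$offset` directly instead of `is_numeric($offset) && $offset != 0`. The docblock for limitResult() starts outside the hunk; it should also state that a non-numeric `$limit` now terminates the request via wfDie() rather than returning a string, since callers can no longer rely on getting a value back.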