From: Daniel Cannon Date: Tue, 4 Dec 2007 22:44:34 +0000 (+0000) Subject: Ensure offset provided to Special:Undelete is numerical (to prevent SQL injection). X-Git-Tag: 1.31.0-rc.0~50543 X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dcompta/comptes/journal.php?a=commitdiff_plain;h=599b1b8d2056e76697aad0b0ae49f7bbd79f999f;p=lhc%2Fweb%2Fwiklou.git Ensure offset provided to Special:Undelete is numerical (to prevent SQL injection). --- diff --git a/includes/SpecialUndelete.php b/includes/SpecialUndelete.php index 2f88bda2ed..2175b6670c 100644 --- a/includes/SpecialUndelete.php +++ b/includes/SpecialUndelete.php @@ -100,7 +100,7 @@ class PageArchive { function listRevisions( $startTime, $limit ) { $whereClause = array( 'ar_namespace' => $this->title->getNamespace(), 'ar_title' => $this->title->getDBkey() ); - if ( $startTime ) + if ( $startTime && is_numeric($startTime) ) $whereClause[] = "ar_timestamp < $startTime"; $dbr = wfGetDB( DB_SLAVE );
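Review bot: The added `is_numeric($startTime)` guard is looser than a timestamp check, and the value is still interpolated unquoted into `"ar_timestamp < $startTime"`. is_numeric() also accepts signs, decimals, exponent notation and leading whitespace, none of which is a valid archive timestamp. A stricter guard is `if ( $startTime && ctype_digit( (string)$startTime ) )`. More robust still is to move `$dbr = wfGetDB( DB_SLAVE );` above the condition and build the clause as `'ar_timestamp < ' . $dbr->addQuotes( $startTime )`, so that safety does not rest on the validator alone. A non-numeric offset now silently drops the filter rather than being rejected, which deserves a comment on the `if`; the rest of listRevisions() lies outside the hunk, so how `$whereClause` reaches the query is not visible here.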