From 39e6aed327fcf5e6f4723dd9fc816b0c1f463b15 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Sun, 3 Oct 2004 01:44:26 +0000
Subject: [PATCH] Quotes, dammit! Remove potential SQL injection vector.
---
 includes/Title.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/includes/Title.php b/includes/Title.php
index 4adec439e2..36e34c89eb 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -1708,9 +1708,9 @@ class Title {
 	function getPreviousRevisionID( $revision ) {
 		$dbr =& wfGetDB( DB_SLAVE );
 		return $dbr->selectField( 'old', 'old_id',
-			"old_title='" . $this->getDBkey() . "'" .
-			' AND old_namespace=' . $this->getNamespace() .
-			" AND old_id<{$revision} ORDER BY old_id DESC" );
+			'old_title=' . $dbr->addQuotes( $this->getDBkey() ) .
+			' AND old_namespace=' . IntVal( $this->getNamespace() ) .
+			' AND old_id<' . IntVal( $revision ) . ' ORDER BY old_id DESC' );
 	}
 
 	/**
@@ -1722,9 +1722,9 @@ class Title {
 	function getNextRevisionID( $revision ) {
 		$dbr =& wfGetDB( DB_SLAVE );
 		return $dbr->selectField( 'old', 'old_id',
-			"old_title='" . $this->getDBkey() . "'" .
-			' AND old_namespace=' . $this->getNamespace() .
-			" AND old_id>{$revision} ORDER BY old_id" );
+			'old_title=' . $dbr->addQuotes( $this->getDBkey() ) .
+			' AND old_namespace=' . IntVal( $this->getNamespace() ) .
+			' AND old_id>' . IntVal( $revision ) . ' ORDER BY old_id' );
 	}
 }
 
-- 
2.20.1
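Review bot: `IntVal( $revision )` on the added `old_id<` line coerces rather than validates: a non-numeric `$revision` silently becomes `0`, so the query degrades to `old_id<0` and returns no row instead of signalling a bad argument; consider normalising once at the top of the function, `$revision = intval( $revision );`, with a comment stating that callers are expected to pass a numeric revision id, or rejecting non-numeric input at the caller. `IntVal` is also the mixed-case spelling of `intval`; PHP function names are case-insensitive so it works, but the lowercase form is the conventional one. The WHERE clause is still built by string concatenation; `addQuotes()` is the right escaping helper for the title, and if this version of `selectField()` accepts an array of conditions (not visible in the hunk) that form would leave quoting entirely to the database layer. The same applies to the second hunk in getNextRevisionID.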