From 599b1b8d2056e76697aad0b0ae49f7bbd79f999f Mon Sep 17 00:00:00 2001
From: Daniel Cannon
Date: Tue, 4 Dec 2007 22:44:34 +0000
Subject: [PATCH] Ensure offset provided to Special:Undelete is numerical (to prevent SQL injection).

---
 includes/SpecialUndelete.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/SpecialUndelete.php b/includes/SpecialUndelete.php
index 2f88bda2ed..2175b6670c 100644
--- a/includes/SpecialUndelete.php
+++ b/includes/SpecialUndelete.php
@@ -100,7 +100,7 @@ class PageArchive {
 	function listRevisions( $startTime, $limit ) {
 		$whereClause = array( 'ar_namespace' => $this->title->getNamespace(),
 		                      'ar_title' => $this->title->getDBkey() );
-		if ( $startTime )
+		if ( $startTime && is_numeric($startTime) )
 			$whereClause[] = "ar_timestamp < $startTime";
 
 		$dbr = wfGetDB( DB_SLAVE );
-- 
2.20.1
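Review bot: The added `is_numeric($startTime)` guard keeps quote-breaking input out of the clause, but the value is still interpolated raw into `"ar_timestamp < $startTime"`, and `is_numeric()` also accepts signs, leading whitespace, decimals and exponent forms such as `"1e3"`, none of which looks like the all-digit timestamp the column holds, so a malformed offset is compared numerically rather than rejected, while a non-numeric one silently drops the filter and lists every revision. Since `$dbr` is obtained two lines below, the more robust form is to build this clause after `wfGetDB()` and let the database layer quote it: `$whereClause[] = 'ar_timestamp < ' . $dbr->addQuotes( $startTime );`. That removes the interpolation entirely and keeps the comparison as a string comparison, which is presumably what the timestamp column expects. A stricter format check on the caller side (all digits, expected length) would turn silent filter-dropping into an explicit rejection. `listRevisions()` continues outside the hunk.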