From 1fa6bb29b54676b02b3a06400f80dd2e6b74fc56 Mon Sep 17 00:00:00 2001
From: Yuri Astrakhan
Date: Mon, 1 May 2006 05:20:52 +0000
Subject: [PATCH] added isnumeric check to limitResult() to prevent a possible sql injection.
---
 includes/Database.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/includes/Database.php b/includes/Database.php
index 55d5f969bb..133f4a1ac0 100644
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -1386,7 +1386,12 @@ class Database {
 * $offset integer the SQL offset (default false)
 */
 function limitResult($sql, $limit, $offset=false) {
- return " $sql LIMIT ".((is_numeric($offset) && $offset != 0)?"{$offset},":"")."{$limit} ";
+ if( !is_numeric($limit) ) {
+ wfDie( "Invalid non-numeric limit passed to limitResult()\n" );
+ }
+ return " $sql LIMIT "
+ . ( (is_numeric($offset) && $offset != 0) ? "{$offset}," : "" )
+ . "{$limit} ";
 }
 function limitResultForUpdate($sql, $num) {
 return $this->limitResult($sql, $num, 0);
-- 
2.20.1
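Review bot: `is_numeric()` is a looser test than the integer a LIMIT clause needs, and the new return statement in `limitResult()` still interpolates `$limit` and `$offset` verbatim. Strings such as `1e3`, `1.5`, `-1` or one with leading whitespace pass the check (and hexadecimal strings do on PHP before 7), so the caller's text rather than a normalised integer reaches the SQL. Casting after the guard, `$limit = intval( $limit );` and `$offset = intval( $offset );`, would make both interpolated values integers by construction. A non-numeric `$offset` is also dropped silently while a non-numeric `$limit` calls `wfDie()`; rejecting both the same way would surface caller bugs instead of returning an unexpected page of results.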