Ensure offset provided to Special:Undelete is numerical (to prevent SQL injection).
authorDaniel Cannon <amidaniel@users.mediawiki.org>
Tue, 4 Dec 2007 22:44:34 +0000 (22:44 +0000)
committerDaniel Cannon <amidaniel@users.mediawiki.org>
Tue, 4 Dec 2007 22:44:34 +0000 (22:44 +0000)
includes/SpecialUndelete.php

index 2f88bda..2175b66 100644 (file)
@@ -100,7 +100,7 @@ class PageArchive {
        function listRevisions( $startTime, $limit ) {
                $whereClause = array( 'ar_namespace' => $this->title->getNamespace(),
                        'ar_title' => $this->title->getDBkey() );
-               if ( $startTime )
+               if ( $startTime && is_numeric($startTime) )
                        $whereClause[] = "ar_timestamp < $startTime";
        
                $dbr = wfGetDB( DB_SLAVE );
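Review bot: The added `is_numeric()` guard closes the injection path but is looser than the timestamp format the column expects, since it also accepts leading whitespace, a sign, decimals and exponent notation such as `1e3` (and, on PHP 5, hex strings), while the value on the following line is still interpolated into SQL unquoted. Since the function already obtains a connection two lines later, the cleaner fix is to quote through the connection: move `$dbr = wfGetDB( DB_SLAVE );` above the check and write `$whereClause[] = 'ar_timestamp < ' . $dbr->addQuotes( $startTime );`, which makes the condition safe regardless of the value's shape; the numeric check can stay as format validation. Note also that the leading `$startTime &&` truthiness test rejects a literal `0` before `is_numeric()` runs, which is presumably intended but worth a one-line comment such as `// $startTime is interpolated into SQL below; only accept a numeric timestamp`. listRevisions continues past the end of the hunk.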