Skip to content
Permalink
Browse files

* [Security] Fix missing integer casting for inserting new categories

    (thanks to cdxy)
  • Loading branch information...
garvinhicking committed Jan 16, 2017
1 parent 6285933 commit c62d667287f2d76c81e03a740a581eb3c51249b6
Showing with 4 additions and 1 deletion.
  1. +3 −0 docs/NEWS
  2. +1 −1 include/functions_entries.inc.php
@@ -20,6 +20,9 @@ Version 2.1 ()

* [Security] Redirection of comment.php now checks the referrer
and only allows the blog's host (thanks to Lee Sheldon Victor)

* [Security] Fix missing integer casting for inserting new categories
(thanks to cdxy)

* Disabled Selenium test files unless enabled

@@ -1523,7 +1523,7 @@ function serendipity_updertEntry($entry) {
if (is_array($categories)) {
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entrycat WHERE entryid={$entry['id']}");
foreach ($categories as $cat) {
serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}entrycat (entryid, categoryid) VALUES ({$entry['id']}, {$cat})");
serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}entrycat (entryid, categoryid) VALUES ({$entry['id']}, " . (int)$cat . ")");
}
} elseif ($had_categories) {
// This case actually only happens if an existing entry is edited, and its category assignments are all removed.

0 comments on commit c62d667

Please sign in to comment.
You can’t perform that action at this time.