Skip to content
Permalink
Browse files Browse the repository at this point in the history
* [Security] Fix missing integer casting for inserting new categories
    (thanks to cdxy)
  • Loading branch information
garvinhicking committed Jan 16, 2017
1 parent 6285933 commit c62d667
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
3 changes: 3 additions & 0 deletions docs/NEWS
Expand Up @@ -20,6 +20,9 @@ Version 2.1 ()

* [Security] Redirection of comment.php now checks the referrer
and only allows the blog's host (thanks to Lee Sheldon Victor)

* [Security] Fix missing integer casting for inserting new categories
(thanks to cdxy)

* Disabled Selenium test files unless enabled

Expand Down
2 changes: 1 addition & 1 deletion include/functions_entries.inc.php
Expand Up @@ -1523,7 +1523,7 @@ function serendipity_updertEntry($entry) {
if (is_array($categories)) {
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entrycat WHERE entryid={$entry['id']}");
foreach ($categories as $cat) {
serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}entrycat (entryid, categoryid) VALUES ({$entry['id']}, {$cat})");
serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}entrycat (entryid, categoryid) VALUES ({$entry['id']}, " . (int)$cat . ")");
}
} elseif ($had_categories) {
// This case actually only happens if an existing entry is edited, and its category assignments are all removed.
Expand Down

0 comments on commit c62d667

Please sign in to comment.