Merge pull request #1 from silverstripe-security/patch/1.2/SS-2017-008

[SS-2017-008] Fix SQL injection in search engine
silverstripe · Dec 7, 2017 · aa16771 · aa16771
2 parents e3bebfe + ee356b1
commit aa16771
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/code/PostgreSQLDatabase.php b/code/PostgreSQLDatabase.php
@@ -261,6 +261,9 @@ public function setSchemaSearchPath() {
 	 * @return object DataObjectSet of result pages
 	 */
 	public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "ts_rank DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) {
+		$start = (int)$start;
+		$pageLength = (int)$pageLength;
+
 		//Fix the keywords to be ts_query compatitble:
 		//Spaces must have pipes
 		//@TODO: properly handle boolean operators here.