From 90be9fbb84623095a360cfa6e9c1955a891eeba5 Mon Sep 17 00:00:00 2001
From: rvelices
Date: Sat, 18 Oct 2008 00:45:45 +0000
Subject: - merge rev 2765,2769 from branch 2.0
* 2765 mysql potential injection paranoia + code compaction in common.inc.php
* 2769 added an image sort order by privacy level (admins only)
* 2769 fix an IE6 display issue with quick search on index page
git-svn-id: http://piwigo.org/svn/trunk@2770 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/ws_functions.inc.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'include/ws_functions.inc.php')
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index a41212f5f..e61a4b2d6 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -187,6 +187,7 @@ function ws_caddie_add($params, &$service)
 {
 return new PwgError(401, 'Access denied');
 }
+ $params['image_id'] = array_map( 'intval',$params['image_id'] );
 if ( empty($params['image_id']) )
 {
 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
@@ -291,7 +292,7 @@ SELECT i.*, GROUP_CONCAT(category_id) cat_ids
 AND ', $where_clauses).'
 GROUP BY i.id
 '.$order_by.'
-LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
+LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
 $result = pwg_query($query);
 while ($row = mysql_fetch_assoc($result))
@@ -683,8 +684,8 @@ SELECT id, date, author, content
 FROM '.COMMENTS_TABLE.'
 WHERE '.$where_comments.'
 ORDER BY date
- LIMIT '.$params['comments_per_page']*(int)$params['comments_page'].
- ','.$params['comments_per_page'];
+ LIMIT '.(int)($params['comments_per_page']*$params['comments_page']).
+ ','.(int)$params['comments_per_page'];
 $result = pwg_query($query);
 while ($row = mysql_fetch_assoc($result))
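Review bot: The added `array_map( 'intval',$params['image_id'] )` in ws_caddie_add assumes image_id already arrives as an array; unless the service parameter declaration (outside this hunk) forces array form, a scalar value makes array_map emit a warning and return null on the PHP of this era (a TypeError on PHP 8), so the `empty()` check on the next line would reject a valid single id. Non-numeric entries are also coerced to 0 and pass through to the query instead of being rejected. A more defensive form is `$params['image_id'] = array_filter(array_map('intval', (array)$params['image_id']));`, which normalises the shape and drops zero ids so the existing empty() check covers the all-invalid case. The `@@ -857` hunk in ws_images_setPrivacyLevel adds the identical line and the same remark applies there; both function bodies continue outside their hunks.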
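Review bot: Casting the product `(int)($params['per_page']*$params['page'])` closes the string-concatenation path into the LIMIT clause, but still lets a negative or non-numeric page value shape the SQL: a negative page yields a negative offset, which MySQL rejects as a syntax error, and a non-numeric string is multiplied to 0 (with a notice on old PHP, a TypeError on PHP 8). Casting each operand first and clamping is both safer and clearer: `$per_page = max(0, (int)$params['per_page'];` `$offset = max(0, (int)$params['page']) * $per_page;` then `LIMIT '.$offset.','.$per_page`. The same pattern is used in the `@@ -683` hunk (comments_per_page/comments_page) and the `@@ -1342` hunk, so a shared helper that builds the LIMIT fragment from two ints would keep the three sites consistent. The query strings and enclosing functions start before each hunk.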
@@ -857,6 +858,7 @@ function ws_images_setPrivacyLevel($params, &$service)
 {
 return new PwgError(401, 'Access denied');
 }
+ $params['image_id'] = array_map( 'intval',$params['image_id'] );
 if ( empty($params['image_id']) )
 {
 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
@@ -1342,7 +1344,7 @@ SELECT DISTINCT i.*
 FROM '.IMAGES_TABLE.' i
 WHERE '. implode(' AND ', $where_clauses).'
 '.$order_by.'
-LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
+LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
 $result = pwg_query($query);
 while ($row = mysql_fetch_assoc($result))
-- cgit v1.2.3