r28160 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r28159‎ \| r28160 \| r28161 >
Date:	22:44, 4 December 2007
Author:	amidaniel
Status:	old
Tags:
Comment:	Ensure offset provided to Special:Undelete is numerical (to prevent SQL injection).
Modified paths:	/trunk/phase3/includes/SpecialUndelete.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/SpecialUndelete.php
—	—	@@ -100,7 +100,7 @@
101	101	function listRevisions( $startTime, $limit ) {
102	102	$whereClause = array( 'ar_namespace' => $this->title->getNamespace(),
103	103	'ar_title' => $this->title->getDBkey() );
104		~~- if ( $startTime )~~
	104	+ if ( $startTime && is_numeric($startTime) )
105	105	$whereClause[] = "ar_timestamp < $startTime";
106	106
107	107	$dbr = wfGetDB( DB_SLAVE );

15:23, 12 September 2011 Meno25 (talk | contribs) changed the status of r28160 [removed: ok added: old]