Merge pull request #1 from silverstripe-security/patch/1/SS-2017-008

[SS-2017-008] Fix SQL injection in search engine
silverstripe · Dec 7, 2017 · aa21b10 · aa21b10
2 parents 0f8c146 + ada270c
commit aa21b10
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/code/MSSQLDatabase.php b/code/MSSQLDatabase.php
@@ -197,6 +197,8 @@ public function random()
      */
     public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false)
     {
+        $start = (int)$start;
+        $pageLength = (int)$pageLength;
         if (isset($objects)) {
             $results = new ArrayList($objects);
         } else {