Commit 408afd36 authored by Francois Marier's avatar Francois Marier

Explicit typecasts to harden these queries


Signed-off-by: default avatarFrancois Marier <francois@catalyst.net.nz>
parent f34c6279
......@@ -149,7 +149,7 @@ if ($institution || $add) {
foreach($authinstances as $key => $val) {
$authinstances[$key]->index = $key;
$authinstances[$key]->total = $c;
$instancearray[] = $val->id;
$instancearray[] = (int)$val->id;
}
$instancestring = implode(',',$instancearray);
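Review bot: The integer guarantee for `$instancestring` rests on this single append site, so enforcing it where the string is built would be more robust: `$instancestring = implode(',', array_map('intval', $instancearray));`. Whether `$instancearray` is initialised or appended to elsewhere is not visible here, and the enclosing `if ($institution || $add)` block starts and ends outside the hunk. If the list can be empty, the code that interpolates `$instancestring` should also be checked for how it handles an empty string.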
......
......@@ -236,10 +236,10 @@ class ArtefactTypeComment extends ArtefactType {
);
if (!empty($artefactid)) {
$where = 'c.onartefact = ' . $artefactid;
$where = 'c.onartefact = ' . (int)$artefactid;
}
else {
$where = 'c.onview = ' . $viewid;
$where = 'c.onview = ' . (int)$viewid;
}
if (!$canedit) {
$where .= ' AND (c.private = 0 OR a.author = ' . (int) $userid . ')';
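Review bot: Both branches still build `$where` by concatenation, and the cast silently turns a non-numeric `$artefactid` or `$viewid` into 0 instead of rejecting it. If the query that consumes `$where` accepts bound values, `$where = 'c.onartefact = ?';` with the id passed in the values array would remove the dependence on every call site remembering the cast. The query call is outside this hunk, so that needs confirming. As a style point, the new casts are written `(int)$artefactid` while the existing line below uses `(int) $userid`; one spelling should be used throughout.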
......
......@@ -281,7 +281,7 @@ abstract class ArtefactTypeFileBase extends ArtefactType {
LEFT OUTER JOIN {artefact_file_files} f ON f.artefact = a.id
WHERE a.title = ?
AND a.' . $ownersql . '
AND a.parent ' . (empty($folder) ? ' IS NULL' : ' = ' . $folder) . '
AND a.parent ' . (empty($folder) ? ' IS NULL' : ' = ' . (int)$folder) . '
AND a.artefacttype IN ' . $filetypesql, array($title));
}
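Review bot: The statement already binds `$title` through a `?` placeholder, so `$folder` could be bound the same way rather than cast and concatenated. The cast is adequate, but it leaves `$ownersql` and `$filetypesql` as the remaining interpolated fragments. Both are built outside this hunk, so their construction should be checked to contain only constants or cast integers. Once confirmed, a short comment above the query such as `// $ownersql and $filetypesql are built from fixed column names and integer ids only` would record that invariant.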
......
......@@ -528,7 +528,7 @@ abstract class ArtefactType {
$leaves = array();
foreach ($records as $r) {
if ($r->container) {
$containers[$r->artefacttype][] = $r->id;
$containers[$r->artefacttype][] = (int)$r->id;
}
else {
$leaves[$r->artefacttype][] = $r->id;
......@@ -1210,7 +1210,7 @@ function artefact_get_parents_for_cache($artefactids, &$parentids=false) {
$checkattachments = array();
foreach ($parents as $p) {
if (in_array($p->artefacttype, artefact_get_attachment_types())) {
$checkattachments[] = $p->id;
$checkattachments[] = (int)$p->id;
}
}
if (!empty($checkattachments)) {
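Review bot: The `else` branch still appends the uncast value, `$leaves[$r->artefacttype][] = $r->id;`, while the container branch now casts. If `$leaves` is imploded into SQL the way `$containers` presumably is (its use is outside this hunk), it needs the same treatment: `$leaves[$r->artefacttype][] = (int)$r->id;`. The second hunk in this file, in `artefact_get_parents_for_cache`, casts `$checkattachments` at its only visible append site.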
......
......@@ -70,7 +70,7 @@ class PluginBlocktypeMyviews extends SystemBlocktype {
}
if ($views) {
$viewidlist = implode(', ', array_map(create_function('$a', 'return $a->id;'), $views));
$viewidlist = implode(', ', array_map(create_function('$a', 'return (int)$a->id;'), $views));
$artefacts = get_records_sql_array('SELECT va.view, va.artefact, a.title, a.artefacttype, t.plugin
FROM {view_artefact} va
INNER JOIN {artefact} a ON va.artefact = a.id
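Review bot: `create_function()` compiles its body from a string at runtime, and it was deprecated in PHP 7.2 and removed in 8.0. The body here is a constant, so it is not an injection point, but the cast is buried inside a quoted string where reviewers and static analysis are likely to miss it. Where the supported PHP version allows closures, `array_map(function ($a) { return (int)$a->id; }, $views)` states the same thing as real code. The identical pattern appears in the `$viewdata` hunk of `class View`.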
......
......@@ -1936,7 +1936,7 @@ class View {
else {
safe_require('artefact', 'file');
$select .= "
OR ( a.institution = 'mahara' AND apc.parent = " . ArtefactTypeFolder::admin_public_folder_id() . ')';
OR ( a.institution = 'mahara' AND apc.parent = " . (int)ArtefactTypeFolder::admin_public_folder_id() . ')';
}
if ($institutions) {
$select .= '
......@@ -2034,7 +2034,7 @@ class View {
}
if ($viewdata) {
$viewidlist = implode(', ', array_map(create_function('$a', 'return $a->id;'), $viewdata));
$viewidlist = implode(', ', array_map(create_function('$a', 'return (int)$a->id;'), $viewdata));
$artefacts = get_records_sql_array('SELECT va.view, va.artefact, a.title, a.artefacttype, t.plugin
FROM {view_artefact} va
INNER JOIN {artefact} a ON va.artefact = a.id
......@@ -2513,9 +2513,9 @@ class View {
$institutions = array();
foreach ($viewdata as $v) {
if ($v->owner && !isset($owners[$v->owner])) {
$owners[$v->owner] = $v->owner;
$owners[$v->owner] = (int)$v->owner;
} else if ($v->group && !isset($groups[$v->group])) {
$groups[$v->group] = $v->group;
$groups[$v->group] = (int)$v->group;
} else if (strlen($v->institution) && !isset($institutions[$v->institution])) {
$institutions[$v->institution] = $v->institution;
}
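Review bot: In the last hunk `$owners` and `$groups` are cast, but `$institutions[$v->institution] = $v->institution;` remains a raw string, and a cast cannot harden it. If `$institutions` is later interpolated into SQL (its use is outside this hunk), it should go through placeholders or the database layer's quoting instead. The array keys are also still the uncast `$v->owner` and `$v->group`, so any later code that reads the keys instead of the values gets no benefit from the cast.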
......
......@@ -197,6 +197,9 @@ class PluginSearchInternal extends PluginSearch {
else {
$options['orderby'] = 'u.firstname, u.lastname, u.id';
}
if (isset($options['exclude'])) {
$options['exclude'] = intval($options['exclude']);
}
return $options;
}
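Review bot: `intval()` turns any non-numeric `exclude` value into 0 and a non-empty array into 1, so a malformed value ends up excluding id 0 or 1 instead of being rejected. If that matters to callers, drop the option before coercing: `if (isset($options['exclude']) && !is_numeric($options['exclude'])) { unset($options['exclude']); }`. The rest of this commit uses the `(int)` cast, so `(int)$options['exclude']` would be the consistent spelling. The function starts outside this hunk.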
......