mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 13:30:25 +02:00
Code Issues Releases Wiki Activity

[ticket/13914] Cast to INT mixed style ID data in user setup

Browse Source 
PHPBB3-13914
This commit is contained in:
3D-I
2020-03-15 04:43:20 +01:00
parent 0a089c8656
commit e5f88a1462
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
phpBB/phpbb/user.php
View File

@@ -262,8 +262,8 @@ class user extends \phpbb\session
}
$sql = 'SELECT *
FROM ' . STYLES_TABLE . " s
WHERE s.style_id = $style_id";
FROM ' . STYLES_TABLE . '
WHERE style_id = ' . (int) $style_id;
$result = $db->sql_query($sql, 3600);
$this->style = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -274,8 +274,8 @@ class user extends \phpbb\session
$style_id = $this->data['user_style'];
$sql = 'SELECT *
FROM ' . STYLES_TABLE . " s
WHERE s.style_id = $style_id";
FROM ' . STYLES_TABLE . '
WHERE style_id = ' . (int) $style_id;
$result = $db->sql_query($sql, 3600);
$this->style = $db->sql_fetchrow($result);
$db->sql_freeresult($result);