Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van...
authorOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:39:28 +0000 (13:39 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:39:28 +0000 (13:39 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@9783 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/class.db_list.inc

index 4c2ee25..dedeaad 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@
        * Fixed bug #14402: XSS in Install tool (thanks to Benjamin Mack)
        * Fixed bug #16590: t3lib_TSparser::checkIncludeLines() does not check files to be included (thanks to Fabrizio Branca)
        * Fixed bug #15737: quoteStrForLike does not properly escape strings in sql_mode NO_BACKSLASH_ESCAPES
+       * Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van Hemert)
 
 2010-12-06  Steffen Kamper  <steffen@typo3.org>
 
index edd8f5c..f738294 100644 (file)
@@ -217,8 +217,9 @@ class recordList extends t3lib_recordList {
                }
 
                if ($sL>0)      {
-                       $tree = $this->getTreeObject($id,$sL,$this->perms_clause);
-                       $this->pidSelect = 'pid IN ('.implode(',',$tree->ids).')';
+                       $tree = $this->getTreeObject($this->id, $sL, $this->perms_clause);
+                       $pidList = implode(',', $GLOBALS['TYPO3_DB']->cleanIntArray($tree->ids));
+                       $this->pidSelect = 'pid IN (' . $pidList . ')';
                } else {
                        $this->pidSelect = 'pid='.intval($id);
                }
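Review bot: The new `getTreeObject()` call on the `+` line now passes `$this->id`, while the `else` branch three lines below still builds its clause from the local `$id` (`'pid=' . intval($id)`); if those two values can ever differ, the two branches of the same `if` now scope the listing to different pages. Either the else branch should be aligned to `$this->pidSelect = 'pid=' . intval($this->id);` or a short comment should state why `$id` and `$this->id` are interchangeable at this point. The `cleanIntArray()` call is the right fix for the injection, but it presumably does not guard the empty case: if `$tree->ids` can be an empty array, the result is `pid IN ()`, which is a SQL syntax error rather than an empty result, so a fallback for an empty `$pidList` is worth considering. The enclosing method of `recordList` begins outside this hunk.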