Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van...
authorOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:39:00 +0000 (13:39 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:39:00 +0000 (13:39 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@9780 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/class.db_list.inc

index 9b065cf..a90b93f 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@
        * Fixed bug #14402: XSS in Install tool (thanks to Benjamin Mack)
        * Fixed bug #16590: t3lib_TSparser::checkIncludeLines() does not check files to be included (thanks to Fabrizio Branca)
        * Fixed bug #15737: quoteStrForLike does not properly escape strings in sql_mode NO_BACKSLASH_ESCAPES
+       * Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van Hemert)
 
 2010-11-12  Ernesto Baschny  <ernst@cron-it.de>
 
index e130661..9084d6e 100755 (executable)
@@ -190,8 +190,9 @@ class recordList extends t3lib_recordList {
                }
 
                if ($sL>0)      {
-                       $tree = $this->getTreeObject($id,$sL,$this->perms_clause);
-                       $this->pidSelect = 'pid IN ('.implode(',',$tree->ids).')';
+                       $tree = $this->getTreeObject($this->id, $sL, $this->perms_clause);
+                       $pidList = implode(',', $GLOBALS['TYPO3_DB']->cleanIntArray($tree->ids));
+                       $this->pidSelect = 'pid IN (' . $pidList . ')';
                } else {
                        $this->pidSelect = 'pid='.intval($id);
                }
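Review bot: The else branch still builds its condition from `$id` (`'pid='.intval($id)`) while the tree branch now reads `$this->id`, so the two paths no longer agree on which page they select; if the local `$id` and `$this->id` can differ at this point, the non-recursive listing and the recursive one would operate on different subtrees. Either both branches should use the same source, e.g. `$this->pidSelect = 'pid=' . intval($this->id);`, or a comment should state why the tree lookup is keyed on the object property while the single-page case is not. Separately, `implode` over an empty `cleanIntArray()` result yields `pid IN ()`, which MySQL rejects; if `$tree->ids` is guaranteed to contain at least the root id this is fine, but a one-line guard or comment would make that guarantee explicit. The enclosing method starts before this hunk, so where `$id` is assigned is not visible here.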