[TASK] Harden database queries in LocalizationController 44/44644/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Mon, 9 Nov 2015 16:53:11 +0000 (17:53 +0100)
committerWouter Wolters <typo3@wouterwolters.nl>
Mon, 9 Nov 2015 17:30:11 +0000 (18:30 +0100)
Resolves: #71442
Releases: master
Change-Id: Id4480dfd18913add55f07ca030cc2d56ba85974f
Reviewed-on: https://review.typo3.org/44644
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/backend/Classes/Controller/Page/LocalizationController.php

index 8d9592e..3780632 100644 (file)
@@ -76,9 +76,9 @@ class LocalizationController
         $elementsInColumnCount = $databaseConnection->exec_SELECTcountRows(
             'uid',
             'tt_content',
-            'tt_content.sys_language_uid=' . $languageId
-                . ' AND tt_content.colPos = ' . $colPos
-                . ' AND tt_content.pid=' . $pageId
+            'tt_content.sys_language_uid=' . (int)$languageId
+                . ' AND tt_content.colPos = ' . (int)$colPos
+                . ' AND tt_content.pid=' . (int)$pageId
                 . $excludeQueryPart
         );
         $additionalWhere = '';
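Review bot: `$excludeQueryPart` is still appended to the WHERE clause as a raw string directly after the three newly cast values, and the same is true of `$additionalWhere` and `$excludeQueryPart` in the second query (`@@ -94,16 +94,15 @@`). Both fragments are assembled outside the visible hunks, so it cannot be confirmed from here whether they are already restricted to integers. If either one is derived from request parameters, the hardening is incomplete until the fragment is constrained where it is built, for example by passing the id list through `$databaseConnection->cleanIntList()` before joining it into the clause. A short comment at each build site, such as `// integer list only, safe to concatenate`, would record that guarantee for the next reader.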
@@ -94,16 +94,15 @@ class LocalizationController
                 'sys_language.uid',
                 'tt_content,sys_language',
                 'tt_content.sys_language_uid=sys_language.uid'
-                    . ' AND tt_content.colPos = ' . $colPos
-                    . ' AND tt_content.pid=' . $pageId
-                    . ' AND sys_language.uid <> ' . $languageId
+                    . ' AND tt_content.colPos = ' . (int)$colPos
+                    . ' AND tt_content.pid=' . (int)$pageId
+                    . ' AND sys_language.uid <> ' . (int)$languageId
                     . $additionalWhere
                     . $excludeQueryPart,
                 'tt_content.sys_language_uid',
                 'sys_language.title'
             );
             while ($row = $databaseConnection->sql_fetch_assoc($res)) {
-                $row['uid'] = (int)$row['uid'];
                 if (isset($systemLanguages[$row['uid']])) {
                     $availableLanguages[] = $systemLanguages[$row['uid']];
                 }
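Review bot: The `(int)` casts are applied at each concatenation, six times across the two queries, so any query added to this method later depends on the author remembering to repeat them. Normalising once where the values are first assigned (outside this hunk), e.g. `$pageId = (int)$pageId;`, would cover every use. A cast also silently turns non-numeric input into 0, so a malformed request runs the query against `pid=0` instead of being rejected. If that is not the intended behaviour, an explicit range check before the query would make the handling visible.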