Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van...
authorOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:39:18 +0000 (13:39 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:39:18 +0000 (13:39 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-4@9782 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/class.db_list.inc

index ff6e08b..d45b508 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@
        * Fixed bug #14402: XSS in Install tool (thanks to Benjamin Mack)
        * Fixed bug #16590: t3lib_TSparser::checkIncludeLines() does not check files to be included (thanks to Fabrizio Branca)
        * Fixed bug #15737: quoteStrForLike does not properly escape strings in sql_mode NO_BACKSLASH_ESCAPES
+       * Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van Hemert)
 
 2010-12-07  Christian Kuhn  <lolli@schwarzbu.ch>
 
index 1b8b7f2..48c271d 100644 (file)
@@ -217,8 +217,9 @@ class recordList extends t3lib_recordList {
                }
 
                if ($sL>0)      {
-                       $tree = $this->getTreeObject($id,$sL,$this->perms_clause);
-                       $this->pidSelect = 'pid IN ('.implode(',',$tree->ids).')';
+                       $tree = $this->getTreeObject($this->id, $sL, $this->perms_clause);
+                       $pidList = implode(',', $GLOBALS['TYPO3_DB']->cleanIntArray($tree->ids));
+                       $this->pidSelect = 'pid IN (' . $pidList . ')';
                } else {
                        $this->pidSelect = 'pid='.intval($id);
                }
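Review bot: The `else` branch on the last lines of the hunk still derives the clause from the loose `$id` (`'pid='.intval($id)`) while the rewritten tree branch now reads `$this->id`; if those two values can ever differ, the two branches select different subtrees, so the fallback should presumably read `$this->pidSelect = 'pid=' . intval($this->id);` — assuming `$this->id` is the canonical value, which the hunk does not show. Separately, `cleanIntArray()` applied to an empty `$tree->ids` would produce `pid IN ()`, which is a syntax error at query time; if `getTreeObject()` always seeds `ids` with the root id this is fine, otherwise the tree branch should fall back to the `intval` clause when the cleaned list is empty. The enclosing method starts before the hunk, so where `$id` and `$this->id` are assigned is not visible here.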