Fix SQL error message display when invalid categories selected

Garvin Hicking 2007-03-01 19:54:27 +00:00
parent f8ba3a8a0c
commit 90b8af7cd5
2 changed files with 9 additions and 0 deletions


@ -80,6 +80,11 @@ Version 1.2 ()
Version 1.1.2 ()
-----------------------------------------------------------------------
* Fix showing SQL error message when an empty category is selected
for viewing. Fixes an issue reported by Samenspender that was
falsely declard as SQL injection. In fact, no invalid SQL code
can be injected. (garvinhicking)
* Better checks to see if the local PEAR inclusion is required
(garvinhicking)
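Review bot: The closing sentence of the new entry, "In fact, no invalid SQL code can be injected", is asserted without a reason, and "declard" in the line above it should be "declared". A reader of the changelog cannot check that claim from the entry alone. It would be more useful to state the cause that the code change addresses: when no valid category was selected, the category condition came out empty and the resulting query failed, which is why the SQL error text was shown. If the injection assessment stays in the entry, add one clause saying why the category input cannot reach the query unfiltered.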


@ -69,6 +69,10 @@ function serendipity_getMultiCategoriesSQL($cats, $invert = false) {
$cat_sql_array[] = " (c.category_left " . ($invert ? " NOT " : "") . " BETWEEN " . implode(' AND ', serendipity_fetchCategoryRange($categoryid)) . ')';
}
}
if (count($cat_sql_array) < 1) {
return '';
}
return '(' . implode(($invert ? ' AND ' : ' OR '), $cat_sql_array) . ')';
}
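Review bot: The new early return under `if (count($cat_sql_array) < 1)` hands callers an empty string, so every call site that splices this result into a WHERE clause has to test for '' before emitting its own AND/OR, and no call site is part of this diff. Before the change the same case fell through to the final return and produced "()", which is the invalid fragment behind the displayed error, so the fix is right for the function itself; please confirm the callers handle '' or include them here. The semantics also need a decision: if a caller simply drops the condition on '', a request naming only invalid categories is no longer restricted by category at all. If it should match nothing, return a constant-false condition instead (and a constant-true one for `$invert`). A one-line comment above the check saying which behaviour is intended would help. Separately, the range from `serendipity_fetchCategoryRange($categoryid)` is imploded straight into the SQL string, so it is worth confirming in this function that `$categoryid` is cast to an integer before that call, since the changelog's no-injection claim rests on it.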