From 90b8af7cd5bf74cce6633313201dec4ecf2191f7 Mon Sep 17 00:00:00 2001
From: Garvin Hicking
Date: Thu, 1 Mar 2007 19:54:27 +0000
Subject: [PATCH] Fix SQL error message display when invalid categories selected
---
 docs/NEWS | 5 +++++
 include/functions_entries.inc.php | 4 ++++
 2 files changed, 9 insertions(+)
diff --git a/docs/NEWS b/docs/NEWS
index 5ea66f4e..89cc7130 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -80,6 +80,11 @@ Version 1.2 ()
 Version 1.1.2 ()
 -----------------------------------------------------------------------
+ * Fix showing SQL error message when an empty category is selected
+ for viewing. Fixes an issue reported by Samenspender that was
+ falsely declard as SQL injection. In fact, no invalid SQL code
+ can be injected. (garvinhicking)
+
 * Better checks to see if the local PEAR inclusion is required (garvinhicking)
diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php
index 2a75027b..53ca9a87 100644
--- a/include/functions_entries.inc.php
+++ b/include/functions_entries.inc.php
@@ -69,6 +69,10 @@ function serendipity_getMultiCategoriesSQL($cats, $invert = false) {
 $cat_sql_array[] = " (c.category_left " . ($invert ? " NOT " : "") . " BETWEEN " . implode(' AND ', serendipity_fetchCategoryRange($categoryid)) . ')';
 }
 }
+
+ if (count($cat_sql_array) < 1) {
+ return '';
+ }
 return '(' . implode(($invert ? ' AND ' : ' OR '), $cat_sql_array) . ')';
 }
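Review bot: The new early return in serendipity_getMultiCategoriesSQL changes the function's contract from "always a parenthesised condition" to "condition or empty string", and nothing in the hunk shows the callers being updated to cope with that; a caller that concatenates the result after `AND` will now produce a different SQL syntax error, while one that appends it bare will silently run with no category restriction and return entries the user did not select. Document the new contract where the function is declared (its opening lines are outside the hunk), e.g. `@return string parenthesised SQL condition, or '' when $cats resolves to no categories; callers must check for '' before concatenating`, and audit each call site for that check. The `count($cat_sql_array) < 1` test also presumes `$cat_sql_array` was initialised as an array before the loop; if it is only assigned inside the loop, `count()` on an undefined variable returns 0 only by accident on the PHP of this era, so an explicit `$cat_sql_array = array();` at the top of the function (or `empty($cat_sql_array)` here) would make the guard robust.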