From 64fe7e31677cacf5667bf8c16ca8ff66724917b8 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Sun, 28 Mar 2004 16:38:51 +0000
Subject: [PATCH] fix sql injection vulnerability
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4878 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/docs/CHANGELOG.html | 1 +
 phpBB/privmsg.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index fddbea2ef1..3ef54edbf1 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -62,6 +62,7 @@ p,ul,td {font-size:10pt;}
  • Limited allowed images in img bbcode tag to jpg, jpeg, gif and png
  • Fixed redirect problems - 2.0.7a
  • Fixed sql injection vulnerability in search - 2.0.7a
  • +
  • Fixed sql injection vulnerability in privmsg - 2.0.8a
  • 1.ii. Changes since 2.0.6

diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php
index bae5368809..842639fb10 100644
--- a/phpBB/privmsg.php
+++ b/phpBB/privmsg.php
@@ -212,7 +212,7 @@ else if ( $mode == 'read' )
 break;
 case 'savebox':
 $l_box_name = $lang['Savebox'];
- $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
+ $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
 AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
 OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
 AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
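Review bot: Nothing in this hunk guarantees that `$pm_sql_user` is set on every other path through the switch, so an uninitialised variable concatenated into the query could still exist in a branch outside the hunk or in a missing `default`; only the `savebox` branch is changed here. Initialising it once before the switch with `$pm_sql_user = '';` would make every branch safe whether it uses `=` or `.=`, though the switch opens outside the hunk and this cannot be confirmed from here. A short comment on the changed line, e.g. `// assign, never append: $pm_sql_user must not carry a value from outside this switch`, would keep a later edit from reverting to `.=`. The concatenated `$userdata['user_id']` is presumably a session-derived integer; casting it with `intval()` at this point would make that explicit rather than assumed.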