From 801d6acea0ce6704a9f1e024ba61d18f9751b869 Mon Sep 17 00:00:00 2001
From: "Paul S. Owen"
Date: Wed, 15 Jan 2003 00:38:13 +0000
Subject: [PATCH] Fix possible SQL issue - noted by Ulf Harnhammar
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3322 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/privmsg.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php
index 20f8481d28..39e7369bb6 100644
--- a/phpBB/privmsg.php
+++ b/phpBB/privmsg.php
@@ -683,7 +683,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
 for($i = 0; $i < count($mark_list); $i++)
 {
- $s_hidden_fields .= '';
+ $s_hidden_fields .= '';
 }
 //
@@ -755,7 +755,11 @@ else if ( ( $delete && $mark_list ) || $delete_all )
 if ( count($mark_list) )
 {
- $delete_sql_id = implode(', ', $mark_list);
+ $delete_sql_id = '';
+ for ($i = 0; $i < sizeof($mark_list); $i++)
+ {
+ $delete_sql_id .= (($delete_sql_id != '') ? ', ' : '') . intval($mark_list[$i]);
+ }
 if ($folder == 'inbox' || $folder == 'outbox')
 {
@@ -948,7 +952,11 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
 }
 }
- $saved_sql_id = implode(', ', $mark_list);
+ $saved_sql_id = '';
+ for ($i = 0; $i < sizeof($mark_list); $i++)
+ {
+ $saved_sql_id .= (($saved_sql_id != '') ? ', ' : '') . intval($mark_list[$i]);
+ }
 // Process request
 $saved_sql = "UPDATE " . PRIVMSGS_TABLE;
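Review bot: The `intval()` cast is applied only where `$mark_list` is glued into SQL (the loop building `$delete_sql_id` in the second hunk and the identical loop building `$saved_sql_id` in the third), so the list itself stays raw for any other use in privmsg.php that these hunks do not show. Casting the list once, where it is first read from the request, would cover every consumer and remove the duplicated loop. Both loops also index `$mark_list[$i]` from 0 up to `sizeof()`, which assumes consecutive integer keys; if the array is request-supplied (likely, but not visible here) and arrives with other keys, those slots read as unset and become id 0 while the submitted values are skipped. If the supported PHP versions allow it, `$delete_sql_id = implode(', ', array_map('intval', $mark_list));` (and the same for `$saved_sql_id`) avoids the key assumption. The enclosing `else if` branches start and end outside the hunks, so the rest of each query could not be checked.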