makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/attach-dl] Cast variables to int

Browse source 
PHPBB3-11042
This commit is contained in:
Fyorl 2012-08-14 14:43:36 +01:00
parent c6449b4825
commit 9729fa9a3e
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
phpBB/includes/functions_download.php
View file

@ -689,9 +689,9 @@ function phpbb_download_check_pm_auth($db, $user_id, $msg_id)
// Check if the attachment is within the users scope... // Check if the attachment is within the users scope...
$sql = 'SELECT user_id, author_id $sql = 'SELECT user_id, author_id
FROM ' . PRIVMSGS_TO_TABLE . ' FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id = ' . $msg_id . " WHERE msg_id = ' . (int) $msg_id . '
AND user_id = $user_id AND user_id = ' . (int) $user_id . '
OR author_id = $user_id"; OR author_id = ' . (int) $user_id;
$result = $db->sql_query_limit($sql, 1); $result = $db->sql_query_limit($sql, 1);
$allowed = $db->sql_fetchrow($result); $allowed = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);