makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 13:28:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/13914] Cast to INT mixed style ID data in user setup

Browse source 
PHPBB3-13914
This commit is contained in:
3D-I 2020-03-15 04:43:20 +01:00
parent 0a089c8656
commit e5f88a1462
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
phpBB/phpbb/user.php
View file

@ -262,8 +262,8 @@ class user extends \phpbb\session
}
$sql = 'SELECT *
FROM ' . STYLES_TABLE . " s
WHERE s.style_id = $style_id";
FROM ' . STYLES_TABLE . '
WHERE style_id = ' . (int) $style_id;
$result = $db->sql_query($sql, 3600);
$this->style = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -274,8 +274,8 @@ class user extends \phpbb\session
$style_id = $this->data['user_style'];
$sql = 'SELECT *
FROM ' . STYLES_TABLE . " s
WHERE s.style_id = $style_id";
FROM ' . STYLES_TABLE . '
WHERE style_id = ' . (int) $style_id;
$result = $db->sql_query($sql, 3600);
$this->style = $db->sql_fetchrow($result);
$db->sql_freeresult($result);