From e5f88a14623a9b3bce372e9fa81c5128b56f89ab Mon Sep 17 00:00:00 2001
From: 3D-I <480857+3D-I@users.noreply.github.com>
Date: Sun, 15 Mar 2020 04:43:20 +0100
Subject: [PATCH] [ticket/13914] Cast to INT mixed style ID data in user setup

PHPBB3-13914
---
 phpBB/phpbb/user.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/phpBB/phpbb/user.php b/phpBB/phpbb/user.php
index 9817e40edb..096e6d42c1 100644
--- a/phpBB/phpbb/user.php
+++ b/phpBB/phpbb/user.php
@@ -262,8 +262,8 @@ class user extends \phpbb\session
 		}
 
 		$sql = 'SELECT *
-			FROM ' . STYLES_TABLE . " s
-			WHERE s.style_id = $style_id";
+			FROM ' . STYLES_TABLE . '
+			WHERE style_id = ' . (int) $style_id;
 		$result = $db->sql_query($sql, 3600);
 		$this->style = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
@@ -274,8 +274,8 @@ class user extends \phpbb\session
 			$style_id = $this->data['user_style'];
 
 			$sql = 'SELECT *
-				FROM ' . STYLES_TABLE . " s
-				WHERE s.style_id = $style_id";
+				FROM ' . STYLES_TABLE . '
+				WHERE style_id = ' . (int) $style_id;
 			$result = $db->sql_query($sql, 3600);
 			$this->style = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);