[ticket/10714] Cast values to integer before using them in the query

PHPBB3-10714
2025-06-28 06:08:52 +00:00 · 2013-01-22 15:46:48 +01:00 · 2013-01-22 15:46:48 +01:00 · ffde887aad
commit ffde887aad
parent c0ab3f3ddd
1 changed files with 6 additions and 6 deletions
--- a/phpBB/includes/log/log.php
+++ b/phpBB/includes/log/log.php
@ -408,10 +408,10 @@ class phpbb_log implements phpbb_log_interface
 		if ($count_logs)
 		{
 			$sql = 'SELECT COUNT(l.log_id) AS total_entries
-				FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
+				FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . ' u
-				WHERE l.log_type = $log_type
+				WHERE l.log_type = ' . (int) $log_type . '
 					AND l.user_id = u.user_id
-					AND l.log_time >= $log_time
+					AND l.log_time >= ' . (int) $log_time . "
 					$sql_keywords
 					$sql_additional";
 			$result = $this->db->sql_query($sql);
@ -433,10 +433,10 @@ class phpbb_log implements phpbb_log_interface
 		}
 		$sql = 'SELECT l.*, u.username, u.username_clean, u.user_colour
-			FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
+			FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . ' u
-			WHERE l.log_type = $log_type
+			WHERE l.log_type = ' . (int) $log_type . '
 				AND u.user_id = l.user_id
-				" . (($log_time) ? "AND l.log_time >= $log_time" : '') . "
+				' . (($log_time) ? 'AND l.log_time >= ' . (int) $log_time : '') . "
 				$sql_keywords
 				$sql_additional
 			ORDER BY $sort_by";