add upstream patch to fix SQL injection CVE-2018-13049

author: Remi Collet <remi@remirepo.net> 2018-07-03 07:32:46 +0200
committer: Remi Collet <remi@remirepo.net> 2018-07-03 07:32:46 +0200
commit: 2bce7cfae8cd68f6de3193b06e8f04a65c7950a7 (patch)
tree: 2c4db1f709a02e9d6d87177c5ae22a3332095779 /3391f10eacec880aebcd4297bd2658ae13473947.patch
parent: 3ef4afa636650ff6a23c9fdfdb26c64414313531 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/3391f10eacec880aebcd4297bd2658ae13473947.patch b/3391f10eacec880aebcd4297bd2658ae13473947.patch
new file mode 100644
index 0000000..85ab682
--- /dev/null
+++ b/3391f10eacec880aebcd4297bd2658ae13473947.patch
@@ -0,0 +1,22 @@
+From 3391f10eacec880aebcd4297bd2658ae13473947 Mon Sep 17 00:00:00 2001
+From: Johan Cwiklinski <jcwiklinski@teclib.com>
+Date: Mon, 2 Jul 2018 08:12:32 +0200
+Subject: [PATCH] Cast limits to integer; fixes #4270
+
+---
+ inc/search.class.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/inc/search.class.php b/inc/search.class.php
+index 79c32856bd..b6f684be26 100644
+--- a/inc/search.class.php
++++ b/inc/search.class.php
+@@ -890,7 +890,7 @@ static function constructSQL(array &$data) {
+       $numrows = 0;
+       //No search : count number of items using a simple count(ID) request and LIMIT search
+       if ($data['search']['no_search']) {
+-         $LIMIT = " LIMIT ".$data['search']['start'].", ".$data['search']['list_limit'];
++         $LIMIT = " LIMIT ".(int)$data['search']['start'].", ".(int)$data['search']['list_limit'];
+ 
+          // Force group by for all the type -> need to count only on table ID
+          if (!isset($searchopt[1]['forcegroupby'])) {
author	Remi Collet <remi@remirepo.net>	2018-07-03 07:32:46 +0200
committer	Remi Collet <remi@remirepo.net>	2018-07-03 07:32:46 +0200
commit	2bce7cfae8cd68f6de3193b06e8f04a65c7950a7 (patch)
tree	2c4db1f709a02e9d6d87177c5ae22a3332095779 /3391f10eacec880aebcd4297bd2658ae13473947.patch
parent	3ef4afa636650ff6a23c9fdfdb26c64414313531 (diff)