Skip to content
Snippets Groups Projects
Commit 1cce484d authored by Robin Gustafsson's avatar Robin Gustafsson
Browse files

Apply upstream fix of SQL injection vulnerability

Closes: #987831
parent 3d638691
No related branches found
No related tags found
No related merge requests found
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Wed, 28 Apr 2021 08:18:19 -0500
Subject: cast to int
Origin: https://github.com/laravel/framework/commit/09bf1457e9df53e172e6fd5929cbafb539677c7c
Applied-Upstream: 6.20.26
---
src/Illuminate/Database/Query/Grammars/SqlServerGrammar.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/Illuminate/Database/Query/Grammars/SqlServerGrammar.php b/src/Illuminate/Database/Query/Grammars/SqlServerGrammar.php
index f0a0bfc..88a7df3 100755
--- a/src/Illuminate/Database/Query/Grammars/SqlServerGrammar.php
+++ b/src/Illuminate/Database/Query/Grammars/SqlServerGrammar.php
@@ -60,8 +60,8 @@ class SqlServerGrammar extends Grammar
// If there is a limit on the query, but not an offset, we will add the top
// clause to the query, which serves as a "limit" type clause within the
// SQL Server system similar to the limit keywords available in MySQL.
- if ($query->limit > 0 && $query->offset <= 0) {
- $select .= 'top '.$query->limit.' ';
+ if (is_numeric($query->limit) && $query->limit > 0 && $query->offset <= 0) {
+ $select .= 'top '.((int) $query->limit).' ';
}
return $select.$this->columnize($columns);
@@ -221,10 +221,10 @@ class SqlServerGrammar extends Grammar
*/
protected function compileRowConstraint($query)
{
- $start = $query->offset + 1;
+ $start = (int) $query->offset + 1;
if ($query->limit > 0) {
- $finish = $query->offset + $query->limit;
+ $finish = (int) $query->offset + (int) $query->limit;
return "between {$start} and {$finish}";
}
0001-cast-to-int.patch
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment