Security cleanups in access roles and db_pager.
authorJanusz Dobrowolski <janusz@frontaccouting.eu>
Sun, 9 Sep 2012 07:42:04 +0000 (09:42 +0200)
committerJanusz Dobrowolski <janusz@frontaccouting.eu>
Sun, 9 Sep 2012 07:42:04 +0000 (09:42 +0200)
admin/security_roles.php
includes/db_pager.inc

index 2727af4c3eabe5f97196b88baad0ce7196b502c3..f8b44552b4630b78b756757edb5082f487e98360 100644 (file)
@@ -90,10 +90,10 @@ if (get_post('addupdate'))
                                if (($a&~0xffff) && (($a&0xff00)<(99<<8))) {
                                        $sections[] = $a&~0xff; // add extended section for plugins
                                }
-                               $areas[] = $a;
+                               $areas[] = (int)$a;
                        }
                        if (substr($p,0,7) == 'Section')
-                               $sections[] = substr($p, 7);
+                               $sections[] = (int)substr($p, 7);
                }
 //             $areas = sort_areas($areas);
 
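Review bot: The `(int)` cast added on L15 is applied only when `$a` is stored, after the bit tests on L11–L12 have already consumed the raw value, so the same variable is cast in one place and used uncast in another; casting once where `$a` is assigned (above the hunk) would make both uses read the same way. For a decimal string the bitwise operators with an int operand already convert `$a` to int, so this looks like a readability point rather than a behaviour change, but that depends on where `$a` comes from, which is outside the hunk. The `substr($p,0,7) == 'Section'` test on L17 is a loose comparison; `if (substr($p,0,7) === 'Section')` is the strict form and fits the intent of the new casts. The enclosing `if (get_post('addupdate'))` block begins before the hunk and continues past it.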
index 64a79eda8e633cd4316147599bc1be0062fa0346..36afb923543c739e7c5b159f070c29ae45093b65 100644 (file)
@@ -283,7 +283,9 @@ class db_pager {
            }
                                
            if (count($ord)) {
-                       $sql .= " ORDER BY " . implode($ord, ',');
+                       $ord = array_map(function_exists('mysql_real_escape_string') ? 
+                               'mysql_real_escape_string': 'mysql_escape_string', $ord);
+                       $sql .= " ORDER BY " . implode(',', $ord);
                } else {
                        if($order)
                                $sql .= " ORDER BY $order"; // original base query order
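Review bot: `mysql_real_escape_string` on L29–L30 does not constrain an ORDER BY term: it escapes the characters that matter inside a quoted string literal, while each `$ord` entry is interpolated unquoted as an identifier/expression on L31, so SQL syntax in a term passes through unchanged. The robust check is an allow-list — derive `$ord` only from the pager's own column definitions (how `$ord` is built is outside the hunk, so I cannot confirm that) — and, as defence in depth, validate each term's shape before interpolating, e.g. `$ord = preg_grep('/^[A-Za-z0-9_.]+(\s+(ASC|DESC))?$/i', $ord);`, widening the pattern if the pager emits backticked or aliased names, and reporting rather than silently dropping a rejected term if that is this codebase's convention. Separately, `mysql_real_escape_string` requires an open link and returns `false` with a warning otherwise, so a pager query built before the connection exists would collapse every term to an empty string and emit `ORDER BY ,`; `mysql_escape_string` is deprecated as the fallback. The method continues past the hunk.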