From: Janusz Dobrowolski
Date: Tue, 6 Jul 2010 21:33:42 +0000 (+0000)
Subject: Additonal sql injection prevention in date2sql().
X-Git-Tag: 2.3-final~874
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=35f482e2a9246960de37e5f1d975c734e08951e6;p=fa-stable.git

Additonal sql injection prevention in date2sql().
---

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index a1572327..ec4587dc 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,10 @@ Legend:
 ! -> Note
 $ -> Affected files

+06-Jul-2010 Janusz Dobrowolski/Micha³ Kozielski
+# Additional sql injection prevention.
+$ /includes/date_functions.inc
+
 ------------------------------- Release 2.2.11 ----------------------------------
 ! Release 2.2.11
 $ config.default.php
diff --git a/includes/date_functions.inc b/includes/date_functions.inc
index 0adac04d..bf579a4e 100644
--- a/includes/date_functions.inc
+++ b/includes/date_functions.inc
@@ -328,7 +328,11 @@ and converts to a yyyy/mm/dd format */
 else // $how == 2, YYYYMMDD
 list($year, $month, $day) = explode($sep, $date_);

-//to modify assumption in 2030
+ // prevent potential SQL injection
+ $year = (int)$year;
+ $month = (int)$month;
+ $day = (int)$day;
+ //to modify assumption in 2030
 if ($date_system == 0 || $date_system == 3)
 {
 if ((int)$year < 60)
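Review bot: The `(int)` casts added after the `list(...) = explode($sep, $date_)` parsing in includes/date_functions.inc remove SQL metacharacters but accept malformed input silently. A part such as `'12; x'` becomes 12, a non-numeric part becomes 0, and a `$date_` with fewer than three `$sep`-separated parts leaves `$month` or `$day` null before the cast, so date2sql() goes on to build a date the user never entered. Rejecting such input before the casts is safer, for example `if (!ctype_digit((string)$year) || !ctype_digit((string)$month) || !ctype_digit((string)$day))` followed by the failure return that callers expect, which this hunk does not show. The casts also make the later `(int)$year < 60` redundant, so it can read `$year < 60`. The function begins and ends outside the hunk, so whether the result is range-checked or zero-padded further down, and whether callers still escape or bind the returned string, cannot be confirmed from here.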