From: Janusz Dobrowolski
Date: Tue, 6 Jul 2010 21:33:42 +0000 (+0000)
Subject: Additonal sql injection prevention in date2sql().
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=8772e62fe2feab4432fc811e7fb60f0a0ee85db2;p=textcart.git

Additonal sql injection prevention in date2sql().
---

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index a157232..ec4587d 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,10 @@ Legend:
 ! -> Note
 $ -> Affected files
 
+06-Jul-2010 Janusz Dobrowolski/Micha³ Kozielski
+# Additional sql injection prevention.
+$ /includes/date_functions.inc
+
 ------------------------------- Release 2.2.11 ----------------------------------
 ! Release 2.2.11
 $ config.default.php
diff --git a/includes/date_functions.inc b/includes/date_functions.inc
index 0adac04..bf579a4 100644
--- a/includes/date_functions.inc
+++ b/includes/date_functions.inc
@@ -328,7 +328,11 @@ and converts to a yyyy/mm/dd format */
 else // $how == 2, YYYYMMDD
 list($year, $month, $day) = explode($sep, $date_);
-//to modify assumption in 2030
+ // prevent potential SQL injection
+ $year = (int)$year;
+ $month = (int)$month;
+ $day = (int)$day;
+ //to modify assumption in 2030
 if ($date_system == 0 || $date_system == 3)
 {
 if ((int)$year < 60)