From 5b5332d38c8651cb1532d4142834adb816384526 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 11 Jun 2014 16:12:54 +0200
Subject: [news] Fix SQL injection

---
 modules/news.inc.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'modules')

diff --git a/modules/news.inc.php b/modules/news.inc.php
index 2f9aa985..4ec6fddd 100644
--- a/modules/news.inc.php
+++ b/modules/news.inc.php
@@ -73,13 +73,14 @@ class Page_News extends Page
 {
 // check to see if we need to request a specific newsid
 if ($this->newsId !== false) {
- $whereClause = "WHERE newsid = $this->newsId ";
+ $row = Database::queryFirst("SELECT newsid, title, content, dateline FROM news WHERE newsid = :newsid LIMIT 1", array(
+ 'newsid' => $this->newsId
+ ));
 } else {
- $whereClause = "";
+ $row = Database::queryFirst("SELECT newsid, title, content, dateline FROM news ORDER BY dateline DESC LIMIT 1");
 }
 // fetch the news to be shown
- $row = Database::queryFirst("SELECT * FROM news $whereClause ORDER BY dateline DESC LIMIT 1");
 if ($row !== false) {
 $this->newsTitle = $row['title'];
 $this->newsContent = $row['content'];
-- 
cgit v1.2.3-55-g7522
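Review bot: The context comment `// fetch the news to be shown` is now stranded above `if ($row !== false)`, because the single `queryFirst` call it described was removed and the fetch moved into the two branches above; move it over `if ($this->newsId !== false) {` or reword it to `// show the selected news item, if one was found`. The two new branches also repeat the same column list, so a shared prefix such as `$select = 'SELECT newsid, title, content, dateline FROM news';` would keep them from drifting apart. Binding `:newsid` closes the injection the old interpolated `$whereClause` allowed, but only if `Database::queryFirst` uses real (non-emulated) prepared statements and `$this->newsId` is validated as an integer where it is read; neither is visible in this hunk. The enclosing method starts and ends outside the hunk.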