[TYPO3-commerce] rootline
Paul Hansen
paul at ecopixel.com
Wed May 9 07:48:27 CEST 2007
Niels Kipp wrote:
> I think the bug is in the
> class tx_commerce_db_category
> function get_parent_category($uid)
>
> line 82: if (is_int($uid) && ($uid > 0)){
>
> I found out that $uid is not an int. I changed it to
>
> if ($uid > 0){
Removing the numeric test is probably a bad idea, because the query that
follows does not escape the $uid value. I guess $uid isn't an int here
because it's originally from form input (and it's not cast as an int,
either).
Instead, use:
if (is_numeric($uid) && ($uid > 0)) {
This fixes it!
Take care,
Paul
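
The three conditions discussed in this message, compared on form-style input, as an added example that is not part of the original post or of tx_commerce. `normalize_uid()`, the sample inputs and the table name are assumptions made for illustration; the integer-only check with `filter_var` goes slightly beyond the message, following its remark that the value is never cast to an int.

```php
<?php
// Added example, not tx_commerce code. normalize_uid() and the table name
// example_category_mm are hypothetical; the sample inputs are constructed.

/** Return $raw as a positive int, or null when it is not a plain integer. */
function normalize_uid($raw): ?int
{
    // FILTER_VALIDATE_INT rejects floats, exponent notation and trailing text;
    // min_range = 1 also rejects zero and negative values.
    $uid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $uid === false ? null : $uid;
}

// Constructed sample inputs: form values arrive as strings, not ints.
$samples = ['42', 42, '1e3', '4.5', '0', '-7', '42 OR 1=1', ''];

$row = "%-12s %-8s %-11s %-8s %s\n";
printf($row, 'input', 'is_int', 'is_numeric', 'bare >0', 'normalize_uid');
foreach ($samples as $raw) {
    printf(
        $row,
        var_export($raw, true),
        var_export(is_int($raw) && $raw > 0, true),      // original line 82
        var_export(is_numeric($raw) && $raw > 0, true),  // check suggested in the reply
        var_export($raw > 0, true),                      // check with the type test removed
        var_export(normalize_uid($raw), true)            // integer-only check (added here)
    );
}

// Only a value that passed validation, now a real int, reaches the SQL text.
$uid = normalize_uid('42');
if ($uid !== null) {
    $sql = 'SELECT uid_foreign FROM example_category_mm WHERE uid_local = ' . $uid;
    echo $sql, "\n";
}
```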