From 1632a172f30016c328c9e1c28b7e8eeda7fe1560 Mon Sep 17 00:00:00 2001 From: Thomas Hochstein Date: Sat, 21 Mar 2020 17:52:33 +0100 Subject: [PATCH] Set empty limit to "" in serendipity_fetchEntries. If $limit is empty(), no limit is set, so we can set the LIMIT statement to "" to achieve the same. But an empty() $limit can be "0", so the generated SQL statement could end with "0" instead of the LIMIT statement. We catch this with forcing an empty() $limit to "". Fixes #636. (No matter that this shouldn't even happen.) Signed-off-by: Thomas Hochstein --- docs/NEWS | 5 +++++ include/functions_entries.inc.php | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/docs/NEWS b/docs/NEWS index 0c8fd815..62e94c2f 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -21,6 +21,11 @@ Version 2.3.3-beta1 () * Fix: Add valid HTTP referrer when trying to delete a + * Fix: Wordwrap at word boundaries only in bundled plugin + serendipity_plugin_comments. + + * Fix: Force empty limit to "" in serendipity_fetchEntries(). + * Fix: Escape version string in update notifier to avoid XSS. * Fix: Prevent renaming a ML object into an existing file, diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php index c9413ab6..02bb1b22 100644 --- a/include/functions_entries.inc.php +++ b/include/functions_entries.inc.php @@ -433,6 +433,15 @@ function &serendipity_fetchEntries($range = null, $full = true, $limit = '', $fe } $limit = serendipity_db_limit_sql($limit); + + } else { + # if $limit was empty(), no limit was set; + # but empty() may also mean FALSE, "" or 0, + # so set it to "" to remove the LIMIT + # statement completely; should catch errors + # with a limit of 0 and some database drivers + # see + $limit = ''; } $query = "SELECT $select_key