negative limit in elgg_get_entities
Reported by: coldtrick | Owned by:
Currently it is possible to pass a negative limit to elgg_get_entities.
This should not be possible.
The LIMIT clause can be used to constrain the number of rows returned by the SELECT statement. LIMIT takes one or two numeric arguments, which must both be nonnegative integer constants (except when using prepared statements).
Just as with the offset, it is possible to pass the "allow negative" toggle.
$limit = sanitise_int($options['limit'], false);
I did not check if this was the case in other core functions, but it should apply to all queries using a LIMIT parameter.
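An added illustration of the change proposed above, not Elgg's own code and not part of the original report: the `example_*` functions are hypothetical stand-ins, and clamping negatives to 0 is an assumed behaviour for the unsigned case. It builds the LIMIT clause with and without the toggle for a few constructed inputs.

```php
<?php
// Added illustration; function names are hypothetical, not Elgg core code.

/**
 * Cast to int and, when $signed is false, clamp negatives to 0.
 * Stand-in for the signed/unsigned toggle the ticket refers to (assumed behaviour).
 */
function example_sanitise_int($value, bool $signed = true): int {
    $int = (int) $value;
    if (!$signed && $int < 0) {
        return 0;
    }
    return $int;
}

/** Build a LIMIT clause from caller-supplied options. */
function example_limit_clause(array $options, bool $allow_negative_limit): string {
    // The offset is always treated as unsigned, as the ticket describes.
    $offset = example_sanitise_int($options['offset'] ?? 0, false);
    $limit  = example_sanitise_int($options['limit'] ?? 10, $allow_negative_limit);
    return "LIMIT $offset, $limit";
}

// Constructed sample inputs: a normal call, a negative limit,
// and string values as they might arrive from request parameters.
$samples = [
    ['limit' => 10,   'offset' => 0],
    ['limit' => -5,   'offset' => 20],
    ['limit' => '-1', 'offset' => -3],
];

foreach ($samples as $options) {
    printf(
        "%-32s before: %-14s after: %s\n",
        json_encode($options),
        example_limit_clause($options, true),   // negative limit reaches the SQL text
        example_limit_clause($options, false)   // negative limit clamped before use
    );
}
```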
Change History (3)
comment:1 Changed 17 months ago by cash
- Difficulty set to trivial
- Milestone changed from Needs Review to Elgg 1.8.3
- Priority changed from normal to low
comment:2 Changed 17 months ago by Cash Costello
- Resolution set to fixed
- Status changed from new to closed