fixes potential SQL injection vector in Active Record offset()

kenjis · narfbg · commit 0dde92def6b9 · 2015-08-20T13:26:13.000+03:00
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php
@@ -895,7 +895,7 @@ public function limit($value, $offset = '')
 	 */
 	public function offset($offset)
 	{
-		$this->ar_offset = $offset;
+		$this->ar_offset = (int) $offset;
 		return $this;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -895,7 +895,7 @@ public function limit($value, $offset = '')`
`895`	`895`	`*/`
`896`	`896`	`public function offset($offset)`
`897`	`897`	`{`
`898`		`- $this->ar_offset = $offset;`
	`898`	`+ $this->ar_offset = (int) $offset;`
`899`	`899`	`return $this;`
`900`	`900`	`}`
`901`	`901`