From 3723acdbf2691bef2bc4a72e8a72a6c6e52955d6 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Sun, 5 Dec 2004 14:42:17 +0000
Subject: [PATCH] fixed wrong quoting of cat_id (it's a string in calendar) as reported by the maxdb testers
---
 calendar/inc/class.socalendar.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/calendar/inc/class.socalendar.inc.php b/calendar/inc/class.socalendar.inc.php
index b9e8a60f42..2c06d97a57 100755
--- a/calendar/inc/class.socalendar.inc.php
+++ b/calendar/inc/class.socalendar.inc.php
@@ -92,7 +92,7 @@
 }
 array_walk($cats,create_function('&$val,$key','$val = (int) $val;'));
- $extra .= "($this->table.cal_category".(count($cats) > 1 ? ' IN ('.implode(',',$cats).')' : '='.(int)$cat_id);
+ $extra .= "($this->table.cal_category".(count($cats) > 1 ? ' IN ('.implode(',',$cats).')' : '='.$this->db->quote((int)$cat_id));
 foreach($cats as $cat)
 {
 $extra .= " OR $this->table.cal_category LIKE '$cat,%' OR $this->table.cal_category LIKE '%,$cat,%' OR $this->table.cal_category LIKE '%,$cat'";
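Review bot: The `IN (...)` branch on the changed line still emits bare integers, so a filter with more than one category compares the string column `cal_category` with numeric literals, which is the same type mismatch this commit fixes for the single-category case. Quote each element there as well, e.g. `' IN ('.implode(',',array_map(array($this->db,'quote'),$cats)).')'`, assuming `quote()` returns a ready-to-use SQL literal as its use on this line suggests. Keep the `(int)` casts when doing so: they, not the quoting, are what make the `$cat` values safe to interpolate into the LIKE patterns in the loop that follows, and a short comment saying so would stop a later cleanup from removing them. The enclosing method starts and ends outside the hunk.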