feedbrowser: fix incorrect usage of LIMIT in prepared statement
authorAndrew Dolgov <noreply@fakecake.org>
Mon, 18 Jun 2018 20:50:32 +0000 (23:50 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Mon, 18 Jun 2018 20:50:32 +0000 (23:50 +0300)
include/feedbrowser.php

index a5a9f3dca4a767d1fccbcca8cb694b098860ce2f..8ebeb20ccd898e292265c566eda9dc5c4c9617d4 100644 (file)
@@ -24,8 +24,8 @@
                                                        (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
                                                                WHERE tf.feed_url = qqq.feed_url
                                                                        AND owner_uid = ?) $search_qpart
-                                               GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT ?");
-                       $sth->execute([$_SESSION['uid'], $limit]);
+                                               GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT " . (int)$limit);
+                       $sth->execute([$_SESSION['uid']]);
 
                } else if ($mode == 2) {
                        $sth = $pdo->prepare("SELECT *,
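Review bot: The `(int)$limit` cast on the new `LIMIT` line closes the injection path but leaves the value's range unchecked, so a non-numeric input becomes `LIMIT 0` and a negative one produces a statement the database will most likely reject. Where `$limit` originates is not visible here; if it is request-derived, clamp it before the query is built, for example `$limit = max(1, min((int)$limit, 100));` (the cap of 100 is a constructed value). An alternative that keeps the statement fully parameterized is to restore the placeholder and bind it as an integer, `$sth->bindValue(2, (int)$limit, PDO::PARAM_INT);`, binding the uid the same way and calling `execute()` with no array, since an array passed to `execute()` binds every value as a string. The same applies to the `:limit` change in the second hunk; the enclosing function starts and ends outside both hunks.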
@@ -38,9 +38,9 @@
                                                        WHERE ttrss_feeds.feed_url = ttrss_archived_feeds.feed_url AND
                                                                owner_uid = :uid) = 0   AND
                                                owner_uid = :uid $search_qpart
-                                               ORDER BY id DESC LIMIT :limit");
+                                               ORDER BY id DESC LIMIT " . (int)$limit);
 
-                       $sth->execute([":uid" => $_SESSION['uid'], ":limit" => $limit]);
+                       $sth->execute([":uid" => $_SESSION['uid']]);
                }
 
                $feedctr = 0;
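Review bot: `$search_qpart` is still interpolated directly into the SQL text in this query and in the one in the first hunk, so the statement is only as safe as the code that builds that fragment. Its construction is outside both hunks; if it contains the user's search term, that term should be bound as a parameter or passed through `$pdo->quote()` rather than concatenated. A short comment above each `prepare()` call would help the next reader, such as `// $search_qpart is built above from a quoted value; never concatenate raw input here`, once that has been confirmed.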