From bed2d6e05499c574b64d1dfdf6be3f43d704abb6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@fakecake.org>
Date: Sun, 17 Dec 2017 16:24:13 +0300
Subject: [PATCH] force-cast some variables used in queries to integer; do not
 display SQL query in headlines debug mode

---
 classes/feeds.php     | 14 ++++++++------
 include/functions.php |  1 +
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/classes/feeds.php b/classes/feeds.php
index 64880b02d..98507d361 100755
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -1271,6 +1271,7 @@ class Feeds extends Handler_Protected {
 					if ($feed > 0) {
 						$children = Feeds::getChildCategories($feed, $owner_uid);
 						array_push($children, $feed);
+						$children = array_map("intval", $children);
 
 						$children = join(",", $children);
 
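Review bot: The `array_map("intval", $children)` cast has to be repeated by hand wherever the result of `Feeds::getChildCategories()` is joined into a string — here, at the `$subcats` hunk further down in this file, and in include/functions.php. A later call site that forgets it would put uncast values back into the query text, so consider binding the ids as parameters, or at least marking the line with a comment such as `// joined list presumably goes into the SQL text; keep every element an integer`. Note also that `intval` turns any non-numeric element into 0 rather than rejecting it, so unexpected input is silently changed instead of refused. The enclosing block starts and ends outside this hunk, so the final use of `$children` is not visible here.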
@@ -1437,7 +1438,7 @@ class Feeds extends Handler_Protected {
 		} else if ($n_feed >= 0) {
 
 			if ($n_feed != 0) {
-				$match_part = "feed_id = '$n_feed'";
+				$match_part = "feed_id = " . (int)$n_feed;
 			} else {
 				$match_part = "feed_id IS NULL";
 			}
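Review bot: The `(int)` cast is applied only at the point of concatenation, while the branch tests `$n_feed >= 0` and `$n_feed != 0` still run on the uncast value with loose comparison. If `$n_feed` can arrive as a non-numeric string (its assignment is outside this hunk), the test and the emitted SQL can disagree: the `!= 0` branch may be taken and then produce `feed_id = 0`, depending on the PHP version. Casting once at the top of this branch, `$n_feed = (int)$n_feed;`, and testing with `if ($n_feed !== 0)` would make the comparison and the query use the same value. The if/else chain begins above the hunk, so whether earlier branches need the original string form cannot be judged from here.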
@@ -1672,7 +1673,7 @@ class Feeds extends Handler_Protected {
 
 			$cat_feeds = array();
 			while ($line = $sth->fetch()) {
-				array_push($cat_feeds, "feed_id = " . $line["id"]);
+				array_push($cat_feeds, "feed_id = " . (int)$line["id"]);
 			}
 
 			if (count($cat_feeds) == 0) return 0;
@@ -1887,8 +1888,9 @@ class Feeds extends Handler_Protected {
 					if ($include_children) {
 						# sub-cats
 						$subcats = Feeds::getChildCategories($feed, $owner_uid);
-
 						array_push($subcats, $feed);
+						$subcats = array_map("intval", $subcats);
+
 						$query_strategy_part = "cat_id IN (".
 							implode(",", $subcats).")";
 
@@ -2096,9 +2098,9 @@ class Feeds extends Handler_Protected {
 						$sanity_interval_qpart
 						$first_id_query_strategy_part ORDER BY $order_by LIMIT 1";
 
-				if ($_REQUEST["debug"]) {
+				/*if ($_REQUEST["debug"]) {
 					print $query;
-				}
+				}*/
 
 				$res = $pdo->query($query);
 
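Review bot: The debug print is disabled by commenting it out, which leaves dead code reading `$_REQUEST["debug"]` in the file; the same is done with the one-line form in the next hunk of this file. Deleting both outright would be cleaner and removes the chance of someone uncommenting them and again echoing the full query text into the response for any request that sets `debug`. If the output is still wanted for troubleshooting, writing it to a server-side log behind an explicit privilege check would be a safer replacement; which check is available is not visible from this hunk.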
@@ -2144,7 +2146,7 @@ class Feeds extends Handler_Protected {
 					$query_strategy_part ORDER BY $order_by
 					$limit_query_part $offset_query_part";
 
-			if ($_REQUEST["debug"]) print $query;
+			//if ($_REQUEST["debug"]) print $query;
 
 			$res = $pdo->query($query);
 
diff --git a/include/functions.php b/include/functions.php
index 60aebe0da..a9786e49b 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -2278,6 +2278,7 @@
 					if ($rule["cat_id"] > 0) {
 						$children = Feeds::getChildCategories($rule["cat_id"], $owner_uid);
 						array_push($children, $rule["cat_id"]);
+						$children = array_map("intval", $children);
 
 						$children = join(",", $children);
 
-- 
GitLab