From 73279cf80bdac6acc811dff135f4218a38e9b8da Mon Sep 17 00:00:00 2001
From: Vincent Zanotti
Date: Thu, 3 Jul 2008 23:31:11 +0200
Subject: [PATCH] Fixes a (potentially not exploitable) SQL injection in ajax/tips.

Signed-off-by: Vincent Zanotti
---
 modules/events.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/events.php b/modules/events.php
index 75ef0b2..1dda5da 100644
--- a/modules/events.php
+++ b/modules/events.php
@@ -59,7 +59,7 @@ class EventsModule extends PLModule
 'special' => true);
 }
- $exclude = is_null($exclude) ? '' : ' AND id != ' . $exclude . ' ';
+ $exclude = is_null($exclude) ? '' : ' AND id != ' . intval($exclude) . ' ';
 $priority = rand(0, 510);
 do {
 $priority = (int)($priority/2);
--
2.1.4
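Review bot: On the added `$exclude` line, `intval()` neutralises the injection, but it silently coerces any non-numeric value to 0, so malformed input still reaches the query as `AND id != 0` instead of being rejected. Validating before building the clause would make the intent explicit, for example `$exclude = (is_null($exclude) || !ctype_digit((string) $exclude)) ? '' : ' AND id != ' . (int) $exclude . ' ';`. The clause is still assembled by string concatenation; if the query call that consumes `$exclude` (outside this hunk) supports bound parameters, passing the id that way would remove the dependency on every caller remembering the cast. A short comment such as `// $exclude may be request-supplied (ajax/tips); force an integer before it enters the SQL text` would also record why the cast is there. The enclosing method starts and ends outside the hunk, so where `$exclude` originates is inferred from the commit subject.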