[TASK] Harden database queries in LocalizationController

Resolves: #71442 Releases: master Change-Id: Id4480dfd18913add55f07ca030cc2d56ba85974f Reviewed-on: https://review.typo3.org/44644 Reviewed-by: Andreas Fernandez <typo3@scripting-base.de> Tested-by: Andreas Fernandez <typo3@scripting-base.de> Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl> Tested-by: Wouter Wolters <typo3@wouterwolters.nl>

[TASK] Harden database queries in LocalizationController
Resolves: #71442 Releases: master Change-Id: Id4480dfd18913add55f07ca030cc2d56ba85974f Reviewed-on: https://review.typo3.org/44644 Reviewed-by: Andreas Fernandez <typo3@scripting-base.de> Tested-by: Andreas Fernandez <typo3@scripting-base.de> Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl> Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
b2ef87f3 · Helmut Hummel · Wouter Wolters · 5e205b5b · b2ef87f3
Commit b2ef87f3 authored 9 years ago by Helmut Hummel Committed by Wouter Wolters 9 years ago
--- a/typo3/sysext/backend/Classes/Controller/Page/LocalizationController.php
+++ b/typo3/sysext/backend/Classes/Controller/Page/LocalizationController.php
@@ -76,9 +76,9 @@ class LocalizationController
        $elementsInColumnCount = $databaseConnection->exec_SELECTcountRows(
            'uid',
            'tt_content',
-            'tt_content.sys_language_uid=' . $languageId
-                . ' AND tt_content.colPos = ' . $colPos
-                . ' AND tt_content.pid=' . $pageId
+            'tt_content.sys_language_uid=' . (int)$languageId
+                . ' AND tt_content.colPos = ' . (int)$colPos
+                . ' AND tt_content.pid=' . (int)$pageId
                . $excludeQueryPart
        );
        $additionalWhere = '';
@@ -94,16 +94,15 @@ class LocalizationController
                'sys_language.uid',
                'tt_content,sys_language',
                'tt_content.sys_language_uid=sys_language.uid'
-                    . ' AND tt_content.colPos = ' . $colPos
-                    . ' AND tt_content.pid=' . $pageId
-                    . ' AND sys_language.uid <> ' . $languageId
+                    . ' AND tt_content.colPos = ' . (int)$colPos
+                    . ' AND tt_content.pid=' . (int)$pageId
+                    . ' AND sys_language.uid <> ' . (int)$languageId
                    . $additionalWhere
                    . $excludeQueryPart,
                'tt_content.sys_language_uid',
                'sys_language.title'
            );
            while ($row = $databaseConnection->sql_fetch_assoc($res)) {
-                $row['uid'] = (int)$row['uid'];
                if (isset($systemLanguages[$row['uid']])) {
                    $availableLanguages[] = $systemLanguages[$row['uid']];
                }