From ab36f087a7dda7baed2b5a59ad665ac7031ac196 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Mon, 26 Mar 2012 10:40:05 +0200
Subject: [PATCH] Security: Adding intval in query
---
 main/inc/lib/database.lib.php | 1 +
 main/inc/lib/database.mysqli.lib.php | 1 +
 2 files changed, 2 insertions(+)
diff --git a/main/inc/lib/database.lib.php b/main/inc/lib/database.lib.php
index 865b393064..f7d6a59fed 100644
--- a/main/inc/lib/database.lib.php
+++ b/main/inc/lib/database.lib.php
@@ -274,6 +274,7 @@ class Database {
 * @todo move this function in a gradebook-related library
 */
 public static function get_course_by_category($category_id) {
+ $category_id = intval($category_id);
 $info = self::fetch_array(self::query('SELECT course_code FROM '.self::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' WHERE id='.$category_id), 'ASSOC');
 return $info ? $info['course_code'] : false;
 }
diff --git a/main/inc/lib/database.mysqli.lib.php b/main/inc/lib/database.mysqli.lib.php
index aff3c65266..0fce048713 100644
--- a/main/inc/lib/database.mysqli.lib.php
+++ b/main/inc/lib/database.mysqli.lib.php
@@ -262,6 +262,7 @@ class Database {
 * @todo move this function in a gradebook-related library
 */
 public static function get_course_by_category($category_id) {
+ $category_id = intval($category_id);
 $info = self::fetch_array(self::query('SELECT course_code FROM '.self::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' WHERE id='.$category_id), 'ASSOC');
 return $info ? $info['course_code'] : false;
 }
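Review bot: A non-numeric or tampered `$category_id` is silently coerced to 0 by the added `intval()` in `get_course_by_category()`, and the query still runs as `WHERE id=0`, so malformed input is neither rejected nor distinguishable from an ordinary lookup that finds no row. Assuming gradebook category ids are always positive (not visible in this hunk), an early `if ($category_id <= 0) { return false; }` right after the cast would skip the query for such input and give one place to log it. The same applies to the identical hunk in main/inc/lib/database.mysqli.lib.php. The docblock, which starts above the hunk, should also say that the id is cast to an integer before being concatenated into the SQL string and that `false` is returned when no row matches.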