Prevent sql injection through the ids of the blog comments

forkcms · Mar 23, 2022 · 6aca30e · 6aca30e
1 parent 1b38e33
commit 6aca30e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Backend/Modules/Blog/Engine/Model.php b/src/Backend/Modules/Blog/Engine/Model.php
@@ -501,7 +501,7 @@ public static function getComments(array $ids): array
             'SELECT *
              FROM blog_comments AS i
              WHERE i.id IN (' . implode(', ', array_fill(0, count($ids), '?')) . ')',
-            $ids
+            array_map('intval', $ids)
         );
     }