From 6aca30e10b4181534f73f96d6e2ebeb45ec15069 Mon Sep 17 00:00:00 2001
From: Jelmer Prins
Date: Wed, 23 Mar 2022 13:21:47 +0100
Subject: [PATCH] Prevent sql injection through the ids of the blog comments
---
 src/Backend/Modules/Blog/Engine/Model.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Backend/Modules/Blog/Engine/Model.php b/src/Backend/Modules/Blog/Engine/Model.php
index 6ee1dce527..129cfdf55a 100644
--- a/src/Backend/Modules/Blog/Engine/Model.php
+++ b/src/Backend/Modules/Blog/Engine/Model.php
@@ -501,7 +501,7 @@ public static function getComments(array $ids): array
 'SELECT * FROM blog_comments AS i WHERE i.id IN (' . implode(', ', array_fill(0, count($ids), '?')) . ')',
- $ids
+ array_map('intval', $ids)
 );
 }
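Review bot: The new parameter expression `array_map('intval', $ids)` keeps whatever keys the caller's array had and coerces instead of validating, so the values become integers but the shape of the array is still caller-controlled. Whether string keys matter depends on how the database wrapper binds parameters, which this hunk does not show; re-indexing with `array_values(array_map('intval', $ids))` makes the list match the positional `?` placeholders regardless. `intval` also turns non-numeric strings into 0 and a non-empty nested array into 1, so dropping entries that fail `filter_var($id, FILTER_VALIDATE_INT)` would avoid silently querying ids the request never named. The start of `getComments` lies outside the hunk, so it is not visible whether an empty `$ids`, which would produce `IN ()`, is handled before this call.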