From 8ef0c3c82aa5ad47b9f3dd1fac9905db50548c1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lech=20Wilczy=C5=84ski?=
Date: Mon, 21 Sep 2015 16:38:42 +0200
Subject: [PATCH] SQL injection in limit and offset

limit and offset are prone to sql injection.
---
 classes/Kohana/ORM.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/classes/Kohana/ORM.php b/classes/Kohana/ORM.php
index d4348b1..370fe70 100644
--- a/classes/Kohana/ORM.php
+++ b/classes/Kohana/ORM.php
@@ -2000,7 +2000,7 @@ public function limit($number)
 // Add pending database call which is executed after query type is determined
 $this->_db_pending[] = array(
 'name' => 'limit',
- 'args' => array($number),
+ 'args' => array(intval($number)),
 );
 
 return $this;
@@ -2266,7 +2266,7 @@ public function offset($number)
 // Add pending database call which is executed after query type is determined
 $this->_db_pending[] = array(
 'name' => 'offset',
- 'args' => array($number),
+ 'args' => array(intval($number)),
 );
 
 return $this;
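Review bot: `intval($number)` in `limit()` closes the injection but silently coerces every non-integer input instead of rejecting it, and the same applies to the identical change in `offset()` in the second hunk. A `NULL` argument now becomes `0`, so if callers use `limit(NULL)` to clear a previously set limit (not visible here) the query would return no rows, and a negative value still reaches the pending call. Consider preserving NULL and clamping negatives, e.g. `'args' => array($number === NULL ? NULL : max(0, (int) $number)),`, and stating in each method's docblock that `$number` is cast to an integer. Both method bodies begin and end outside their hunks, and the cast covers only these ORM entry points, so it is worth confirming that the query builder which renders LIMIT/OFFSET casts as well.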