[eluser]Unknown[/eluser]
CodeIgniter 1.7.2: When using
Code:
$this->db->limit($limit, $offset);
The offset is never validated/escaped in the active record class. It seems like an easy fix would be changing line 1605 in system/database/DB_active_rec.php to:
Code:
if (is_numeric($this->ar_limit) && is_numeric($this->ar_offset))