Author: Gunnar Wolf <gwolf@debian.org>
Forwarded: http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=12889 and https://github.com/philippK-de/Collabtive/pull/44
Last-update: 2014-05-23
Description: Fix a SQL injection vulnerability in project.datei.php
 CVE-2014-3246 (Debian bug #748828) mentions a SQL injection
 vulnerability due to a not properly sanitized input variable.

Index: collabtive/include/class.datei.php
===================================================================
--- collabtive.orig/include/class.datei.php	2014-05-23 14:14:52.000000000 -0500
+++ collabtive/include/class.datei.php	2014-05-23 14:35:16.000000000 -0500
@@ -161,6 +161,7 @@
     function getProjectFolders($project, $parent = 0)
     {
         global $conn;
+	$parent = (int) $parent;
         $project = (int) $project;
 
         $sel = $conn->query("SELECT * FROM projectfolders WHERE project = $project AND parent = $parent ORDER BY ID ASC");
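Review bot: In getProjectFolders(), the `(int)` cast on `$parent` silently turns any non-numeric value into 0, which is also the parameter's default, so a malformed `$parent` runs the same query as an omitted one instead of being rejected. Consider validating that the value is numeric and failing explicitly before the cast, and, if `$conn` supports prepared statements, binding `$project` and `$parent` as parameters rather than interpolating them into the string passed to `$conn->query()`, so the query no longer depends on every caller-supplied variable being cast first. Style point: the added line is indented with a tab, while the adjacent `$project = (int) $project;` uses spaces.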
