Author: Gunnar Wolf <gwolf@debian.org>
Forwarded: http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=12889 and https://github.com/philippK-de/Collabtive/pull/44
Last-update: 2014-05-23
Description: Fix a SQL injection vulnerability in project.datei.php
 CVE-2014-3246 (Debian bug #748828) mentions a SQL injection
 vulnerability due a not properly sanitized input variable.

Index: collabtive/include/class.datei.php
===================================================================
--- collabtive.orig/include/class.datei.php
+++ collabtive/include/class.datei.php
@@ -192,7 +192,7 @@ class datei {
     function getProjectFolders($project, $parent = 0)
     {
         global $conn;
-
+	$parent = (int) $parent;
         $project = (int) $project;
 
         $sel = $conn->query("SELECT * FROM projectfolders WHERE project = $project AND parent = $parent ORDER BY ID ASC");
