From c850017beff925c8c75651269257e55ba19cb9da Mon Sep 17 00:00:00 2001
From: garvinhicking
Date: Thu, 1 Mar 2007 19:55:51 +0000
Subject: [PATCH] Backport

---
 docs/NEWS | 5 +++++
 include/functions_entries.inc.php | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/docs/NEWS b/docs/NEWS
index 846f876..30163d5 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,6 +3,11 @@ Version 1.1.2 ()
 ------------------------------------------------------------------------
+ * Fix showing SQL error message when an empty category is selected
+ for viewing. Fixes an issue reported by Samenspender that was
+ falsely declard as SQL injection. In fact, no invalid SQL
+ code can be injected. (garvinhicking)
+
 * Better checks to see if the local PEAR inclusion is required (garvinhicking)
diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php
index 2acf7b3..2d663a2 100644
--- a/include/functions_entries.inc.php
+++ b/include/functions_entries.inc.php
@@ -69,6 +69,10 @@ function serendipity_getMultiCategoriesSQL($cats, $invert = false) {
 $cat_sql_array[] = " (c.category_left " . ($invert ? " NOT " : "") . " BETWEEN " . implode(' AND ', serendipity_fetchCategoryRange($categoryid)) . ')';
 }
 }
+
+ if (count($cat_sql_array) < 1) {
+ return '';
+ }
 return '(' . implode(($invert ? ' AND ' : ' OR '), $cat_sql_array) . ')';
 }
-- 
2.39.5
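Review bot: The new empty-result guard in serendipity_getMultiCategoriesSQL() returns `''`, which shifts the handling to every caller: a caller that splices the result into a WHERE clause now has to omit the condition, and omitting it drops the category restriction rather than matching nothing. The callers are outside this hunk, so that should be confirmed at each call site and recorded above the guard, e.g. `// No usable category id: return '' so callers leave the condition out; they must test for an empty result.` The guard also assumes `$cat_sql_array` was initialised before the loop, which begins above the hunk; `if (empty($cat_sql_array)) {` gives the same result and still holds if the variable was never assigned. The NEWS statement that no SQL can be injected depends on how serendipity_fetchCategoryRange() treats `$categoryid`, which is not visible in this patch.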