diff options
author | Brett Profitt <brett.profitt@gmail.com> | 2011-09-04 17:43:56 -0700 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2011-09-04 17:43:56 -0700 |
commit | 9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7 (patch) | |
tree | e7623e9e6aff2b0f232af19e0ac8e922dd893cfa | |
parent | 61af80fd0905caa6b04c9a203f327da7b569c7cf (diff) | |
download | elgg-9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7.tar.gz elgg-9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7.tar.bz2 |
Refs #3661. Merged XSS fixes in search to master.
-rw-r--r-- | engine/lib/entities.php | 8 | ||||
-rw-r--r-- | mod/search/search_hooks.php | 6 |
2 files changed, 11 insertions, 3 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 10313fc8c..68aa7c8fb 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -1118,8 +1118,12 @@ function elgg_get_guid_based_where_sql($column, $guids) { $guids_sanitized = array(); foreach ($guids as $guid) { - if (($guid != sanitise_int($guid))) { - return FALSE; + if ($guid !== ELGG_ENTITIES_NO_VALUE) { + $guid = sanitise_int($guid); + + if (!$guid) { + return false; + } } $guids_sanitized[] = $guid; } diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php index 428d6f700..b302272fb 100644 --- a/mod/search/search_hooks.php +++ b/mod/search/search_hooks.php @@ -202,6 +202,10 @@ function search_tags_hook($hook, $type, $value, $params) { $search_tag_names = $valid_tag_names; } + if (!$search_tag_names) { + return array('entities' => array(), 'count' => $count); + } + // don't use elgg_get_entities_from_metadata() here because of // performance issues. since we don't care what matches at this point // use an IN clause to grab everything that matches at once and sort @@ -337,7 +341,7 @@ function search_comments_hook($hook, $type, $value, $params) { $container_and = ''; if ($params['container_guid'] && $params['container_guid'] !== ELGG_ENTITIES_ANY_VALUE) { - $container_and = 'AND e.container_guid = ' . sanitise_string($params['container_guid']); + $container_and = 'AND e.container_guid = ' . sanitise_int($params['container_guid']); } $e_access = get_access_sql_suffix('e'); |