author | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-01-11 23:18:13 +0000 |
---|---|---|
committer | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-01-11 23:18:13 +0000 |
commit | 9ad2e7c3d4511c25a061e2b2459008b7b9cfd8aa (patch) | |
tree | 8b59611be7935fff8702cf70920034a86561c6f6 /engine/lib/relationships.php | |
parent | 7b50dc3f875cda85c1e5356a7534ab6b21bbf009 (diff) | |
Sanitising relationship in elgg_get_entities_from_relationship();
git-svn-id: http://code.elgg.org/elgg/trunk@3797 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/relationships.php')
-rw-r--r-- | engine/lib/relationships.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php
index bdd5aadde..d84e70bfb 100644
--- a/engine/lib/relationships.php
+++ b/engine/lib/relationships.php
@@ -558,7 +558,7 @@ function elgg_get_entity_relationship_where_sql($table, $relationship = NULL, $r
 }
 if ($relationship) {
- $wheres[] = "r.relationship = '$relationship'";
+ $wheres[] = "r.relationship = '" . sanitise_string($relationship) . "'";
 }
 if ($relationship_guid) { |
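Review bot: The escaping added on the `$wheres[] = "r.relationship = '" . sanitise_string($relationship) . "'";` line covers only `$relationship`; the `$relationship_guid` branch that opens on the last context line and the `$table` argument from the signature feed the same WHERE builder, and their handling lies outside the hunk, so it should be confirmed that the GUID is cast with `(int)` and that `$table` never carries caller-controlled text. Because the helper now escapes internally, a caller that already passes a sanitised string would presumably be escaped twice and silently stop matching, so I would add a docblock line such as `@param string $relationship Raw relationship name; escaped here, do not pre-sanitise.` Separately, the `if ($relationship)` guard is a truthiness test, so a relationship named `'0'` drops the filter altogether and widens the result set; `if ($relationship !== NULL && $relationship !== '')` would keep the clause. The function body starts and ends outside the hunk.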