diff options
author | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-13 12:21:27 +0000 |
---|---|---|
committer | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-13 12:21:27 +0000 |
commit | 9187350187d562289503d03586b43b9564c9e3f8 (patch) | |
tree | 43fc8d6e55cd9b21611d4d14d3085bbaeb15f0e2 /engine/lib/river2.php | |
parent | 12b74f845888c994b834e301e6e47dde5f6d03b0 (diff) | |
download | elgg-9187350187d562289503d03586b43b9564c9e3f8.tar.gz elgg-9187350187d562289503d03586b43b9564c9e3f8.tar.bz2 |
Data sanitisation fix.
git-svn-id: https://code.elgg.org/elgg/trunk@2735 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/river2.php')
-rw-r--r-- | engine/lib/river2.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/engine/lib/river2.php b/engine/lib/river2.php index 3648123a6..974241472 100644 --- a/engine/lib/river2.php +++ b/engine/lib/river2.php @@ -149,8 +149,8 @@ $object_guid[$key] = (int) $temp;
}
}
- if (!empty($type)) $action_type = sanitise_string($type);
- if (!empty($subtype)) $action_type = sanitise_string($subtype);
+ if (!empty($type)) $type = sanitise_string($type);
+ if (!empty($subtype)) $subtype = sanitise_string($subtype);
if (!empty($action_type)) $action_type = sanitise_string($action_type);
$limit = (int) $limit;
$offset = (int) $offset;
@@ -194,6 +194,8 @@ // Construct main SQL
$sql = "select id,type,subtype,action_type,access_id,view,subject_guid,object_guid,posted from {$CONFIG->dbprefix}river where {$whereclause} order by posted desc limit {$offset},{$limit}";
+ system_message($sql);
+
// Get data
return get_data($sql);
|