author | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-08-28 18:59:30 +0000 |
---|---|---|
committer | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-08-28 18:59:30 +0000 |
commit | 15d7ee1ced7182064af26e300c6c4df78dc4c059 (patch) | |
tree | 837c96c8039a139e15843f8d9ef401860af7feb0 /engine/lib | |
parent | db5588e35eab1c0793c4882bbdd25c6fa2920375 (diff) | |
download | elgg-15d7ee1ced7182064af26e300c6c4df78dc4c059.tar.gz elgg-15d7ee1ced7182064af26e300c6c4df78dc4c059.tar.bz2 |
added escaping to get_entities_from_private_setting_multi()
git-svn-id: http://code.elgg.org/elgg/trunk@6872 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/entities.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 95807aab5..813759c8b 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -3546,6 +3546,7 @@ function get_entities_from_private_setting_multi(array $name, $type = "", $subty
 $i = 1;
 foreach ($name as $k => $n) {
 $k = sanitise_string($k);
+ $n = sanitise_string($n);
 $s_join .= " JOIN {$CONFIG->dbprefix}private_settings s$i ON e.guid=s$i.entity_guid";
 $where[] = "s$i.name = '$k'";
 $where[] = "s$i.value = '$n'"; |
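Review bot: The escaping added for `$n` is only safe because the value ends up inside a single-quoted literal in `$where[] = "s$i.value = '$n'";`, and nothing in the loop records that dependency. A short comment above the two `sanitise_string()` calls, for example `// key and value both come from the caller; escape before embedding in the quoted SQL literals below`, would make it harder for a later edit to drop one of them, which is how `$n` was left unescaped before this commit. The function begins and continues outside this hunk, so whether the other arguments in the signature (`$type` and those after it) are escaped before they reach the query cannot be confirmed from here and is worth checking in the same pass.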