authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-08-28 18:59:30 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-08-28 18:59:30 +0000
commit15d7ee1ced7182064af26e300c6c4df78dc4c059 (patch)
tree837c96c8039a139e15843f8d9ef401860af7feb0 /engine/lib
parentdb5588e35eab1c0793c4882bbdd25c6fa2920375 (diff)
added escaping to get_entities_from_private_setting_multi()
git-svn-id: http://code.elgg.org/elgg/trunk@6872 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/entities.php1
1 files changed, 1 insertions, 0 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 95807aab5..813759c8b 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -3546,6 +3546,7 @@ function get_entities_from_private_setting_multi(array $name, $type = "", $subty
$i = 1;
foreach ($name as $k => $n) {
$k = sanitise_string($k);
+ $n = sanitise_string($n);
$s_join .= " JOIN {$CONFIG->dbprefix}private_settings s$i ON e.guid=s$i.entity_guid";
$where[] = "s$i.name = '$k'";
$where[] = "s$i.value = '$n'";
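Review bot: Nothing at the two `sanitise_string()` calls records that escaping `$k` and `$n` is a security requirement for the quoted SQL literals built on the `$where[]` lines, so a later edit to the loop could drop one of them unnoticed. I would add a comment above the calls, `// $k and $n are caller-supplied and interpolated into quoted SQL below; both must be escaped`, and a regression test that passes a setting value containing a quote character and asserts the query still executes and returns only exact matches. The protection rests entirely on `sanitise_string()`, which is not visible here; presumably it applies connection-aware escaping, and that should be confirmed. The function starts and ends outside the hunk, so whether `$type`, `$subtype` and the remaining parameters are escaped before use cannot be checked from these lines.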