authorben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-13 12:21:27 +0000
committerben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-13 12:21:27 +0000
commit9187350187d562289503d03586b43b9564c9e3f8 (patch)
tree43fc8d6e55cd9b21611d4d14d3085bbaeb15f0e2 /engine/lib
parent12b74f845888c994b834e301e6e47dde5f6d03b0 (diff)
Data sanitisation fix.
git-svn-id: https://code.elgg.org/elgg/trunk@2735 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/river2.php6
1 files changed, 4 insertions, 2 deletions
diff --git a/engine/lib/river2.php b/engine/lib/river2.php
index 3648123a6..974241472 100644
--- a/engine/lib/river2.php
+++ b/engine/lib/river2.php
@@ -149,8 +149,8 @@
$object_guid[$key] = (int) $temp;
}
}
- if (!empty($type)) $action_type = sanitise_string($type);
- if (!empty($subtype)) $action_type = sanitise_string($subtype);
+ if (!empty($type)) $type = sanitise_string($type);
+ if (!empty($subtype)) $subtype = sanitise_string($subtype);
if (!empty($action_type)) $action_type = sanitise_string($action_type);
$limit = (int) $limit;
$offset = (int) $offset;
@@ -194,6 +194,8 @@
// Construct main SQL
$sql = "select id,type,subtype,action_type,access_id,view,subject_guid,object_guid,posted from {$CONFIG->dbprefix}river where {$whereclause} order by posted desc limit {$offset},{$limit}";
+ system_message($sql);
+
// Get data
return get_data($sql);
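Review bot: The added `system_message($sql);` looks like leftover debugging and should not ship with the sanitisation fix. If system_message queues text for display to the current user, as its name suggests, every call would show the full query to whoever loads the page, including the table prefix, column names and filter values. Remove the call, or write the query to the server log instead, for example `error_log($sql);` behind a debug setting. The enclosing function starts and ends outside the hunk, so how `$whereclause` is assembled cannot be checked from here.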