aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-01-01 01:37:29 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-01-01 01:37:29 +0000
commit8ae80b58057de76d7b1042d38eb799397fb005c1 (patch)
tree7c058ccd929811c25863f9e0d7efdceb6978fc72 /engine/lib
parent9124bf4a77eb91f599cc806cb4a41bac529c3a12 (diff)
downloadelgg-8ae80b58057de76d7b1042d38eb799397fb005c1.tar.gz
elgg-8ae80b58057de76d7b1042d38eb799397fb005c1.tar.bz2
Fixes #2698 not sanitizing strings to prevent double encoding
git-svn-id: http://code.elgg.org/elgg/trunk@7798 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/metadata.php14
1 files changed, 6 insertions, 8 deletions
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index f2b1fd642..c15a163b7 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -58,20 +58,18 @@ function get_metadata($id) {
function remove_metadata($entity_guid, $name, $value = "") {
global $CONFIG;
$entity_guid = (int) $entity_guid;
- $name = sanitise_string($name);
- $value = sanitise_string($value);
- $name = get_metastring_id($name);
- if ($name === FALSE) {
+ $name_id = get_metastring_id($name);
+ if ($name_id === FALSE) {
// name doesn't exist
return FALSE;
}
- $query = "SELECT * from {$CONFIG->dbprefix}metadata WHERE entity_guid = '$entity_guid' and name_id = '$name'";
+ $query = "SELECT * from {$CONFIG->dbprefix}metadata WHERE entity_guid = '$entity_guid' and name_id = '$name_id'";
if ($value != "") {
- $value = get_metastring_id($value);
- if ($value !== FALSE) {
- $query .= " AND value_id = '$value'";
+ $value_id = get_metastring_id($value);
+ if ($value_id !== FALSE) {
+ $query .= " AND value_id = '$value_id'";
}
}