diff options
author | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-01-01 01:37:29 +0000 |
---|---|---|
committer | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-01-01 01:37:29 +0000 |
commit | 8ae80b58057de76d7b1042d38eb799397fb005c1 (patch) | |
tree | 7c058ccd929811c25863f9e0d7efdceb6978fc72 /engine/lib | |
parent | 9124bf4a77eb91f599cc806cb4a41bac529c3a12 (diff) | |
download | elgg-8ae80b58057de76d7b1042d38eb799397fb005c1.tar.gz elgg-8ae80b58057de76d7b1042d38eb799397fb005c1.tar.bz2 |
Fixes #2698 not sanitizing strings to prevent double encoding
git-svn-id: http://code.elgg.org/elgg/trunk@7798 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/metadata.php | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index f2b1fd642..c15a163b7 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -58,20 +58,18 @@ function get_metadata($id) { function remove_metadata($entity_guid, $name, $value = "") { global $CONFIG; $entity_guid = (int) $entity_guid; - $name = sanitise_string($name); - $value = sanitise_string($value); - $name = get_metastring_id($name); - if ($name === FALSE) { + $name_id = get_metastring_id($name); + if ($name_id === FALSE) { // name doesn't exist return FALSE; } - $query = "SELECT * from {$CONFIG->dbprefix}metadata WHERE entity_guid = '$entity_guid' and name_id = '$name'"; + $query = "SELECT * from {$CONFIG->dbprefix}metadata WHERE entity_guid = '$entity_guid' and name_id = '$name_id'"; if ($value != "") { - $value = get_metastring_id($value); - if ($value !== FALSE) { - $query .= " AND value_id = '$value'"; + $value_id = get_metastring_id($value); + if ($value_id !== FALSE) { + $query .= " AND value_id = '$value_id'"; } } |