aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authorBrett Profitt <brett.profitt@gmail.com>2011-09-04 17:43:56 -0700
committerBrett Profitt <brett.profitt@gmail.com>2011-09-04 17:43:56 -0700
commit9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7 (patch)
treee7623e9e6aff2b0f232af19e0ac8e922dd893cfa /engine/lib
parent61af80fd0905caa6b04c9a203f327da7b569c7cf (diff)
downloadelgg-9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7.tar.gz
elgg-9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7.tar.bz2
Refs #3661. Merged XSS fixes in search to master.
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/entities.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 10313fc8c..68aa7c8fb 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -1118,8 +1118,12 @@ function elgg_get_guid_based_where_sql($column, $guids) {
$guids_sanitized = array();
foreach ($guids as $guid) {
- if (($guid != sanitise_int($guid))) {
- return FALSE;
+ if ($guid !== ELGG_ENTITIES_NO_VALUE) {
+ $guid = sanitise_int($guid);
+
+ if (!$guid) {
+ return false;
+ }
}
$guids_sanitized[] = $guid;
}