diff options
| author | Brett Profitt <brett.profitt@gmail.com> | 2011-09-04 17:43:56 -0700 |
|---|---|---|
| committer | Brett Profitt <brett.profitt@gmail.com> | 2011-09-04 17:43:56 -0700 |
| commit | 9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7 (patch) | |
| tree | e7623e9e6aff2b0f232af19e0ac8e922dd893cfa /engine/lib | |
| parent | 61af80fd0905caa6b04c9a203f327da7b569c7cf (diff) | |
| download | elgg-9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7.tar.gz elgg-9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7.tar.bz2 | |
Refs #3661. Merged XSS fixes in search to master.
Diffstat (limited to 'engine/lib')
| -rw-r--r-- | engine/lib/entities.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 10313fc8c..68aa7c8fb 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -1118,8 +1118,12 @@ function elgg_get_guid_based_where_sql($column, $guids) { $guids_sanitized = array(); foreach ($guids as $guid) { - if (($guid != sanitise_int($guid))) { - return FALSE; + if ($guid !== ELGG_ENTITIES_NO_VALUE) { + $guid = sanitise_int($guid); + + if (!$guid) { + return false; + } } $guids_sanitized[] = $guid; } |