aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--engine/lib/metadata.php12
1 files changed, 7 insertions, 5 deletions
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index d0ab818b9..d2851275d 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -647,7 +647,7 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
if (!$name) {
$name = '0';
}
- $sanitised_names[] = "'$name'";
+ $sanitised_names[] = '\'' . sanitise_string($name) . '\'';
}
if ($names_str = implode(',', $sanitised_names)) {
@@ -671,7 +671,7 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
if (!$value) {
$value = 0;
}
- $sanitised_values[] = "'$value'";
+ $sanitised_values[] = '\'' . sanitise_string($value) . '\'';
}
if ($values_str = implode(',', $sanitised_values)) {
@@ -740,13 +740,15 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
// if the operand is IN don't quote it because quoting should be done already.
//$value = trim(strtolower($operand)) == 'in' ? $pair['value'] : "'{$pair['value']}'";
if (trim(strtolower($operand)) == 'in' || sanitise_int($pair['value'])) {
- $value = $pair['value'];
+ $value = sanitise_string($pair['value']);
} else {
- $value = "'{$pair['value']}'";
+ $value = '\'' . sanitise_string($pair['value']) . '\'';
}
+ $name = sanitise_string($pair['name']);
+
$access = get_access_sql_suffix("md{$i}");
- $pair_wheres[] = "(msn{$i}.string = '{$pair['name']}' AND {$pair_binary}msv{$i}.string $operand $value AND $access)";
+ $pair_wheres[] = "(msn{$i}.string = '$name' AND {$pair_binary}msv{$i}.string $operand $value AND $access)";
$i++;
}