aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/api.php2
-rw-r--r--engine/tests/services/api.php14
2 files changed, 14 insertions, 2 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 46b3e0e40..bed7a5129 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -634,7 +634,7 @@ function serialise_parameters($method, $parameters) {
break;
case 'string':
- $serialised_parameters .= ",'" . (string)mysql_real_escape_string(trim($parameters[$key])) . "'";
+ $serialised_parameters .= ",'" . addcslashes(trim($parameters[$key]), "'") . "'";
break;
case 'float':
$serialised_parameters .= "," . (float)trim($parameters[$key]);
diff --git a/engine/tests/services/api.php b/engine/tests/services/api.php
index 28a7a64bc..57aaa08d5 100644
--- a/engine/tests/services/api.php
+++ b/engine/tests/services/api.php
@@ -81,10 +81,10 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
$parameters = array('param1' => array('type' => 'int', 'required' => true),
'param2' => array('type' => 'bool', 'required' => true),
'param3' => array('type' => 'string', 'required' => false), );
+ $method['description'] = '';
$method['function'] = 'foo';
$method['parameters'] = $parameters;
$method['call_method'] = 'GET';
- $method['description'] = '';
$method['require_api_auth'] = false;
$method['require_user_auth'] = false;
@@ -224,6 +224,18 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
$s = serialise_parameters('test', $parameters);
$this->assertIdentical($s, ",'testing'");
+ // test string with " in it
+ $this->registerFunction(false, false, array('param1' => array('type' => 'string')));
+ $parameters = array('param1' => 'test"ing');
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ',\'test"ing\'');
+
+ // test string with ' in it
+ $this->registerFunction(false, false, array('param1' => array('type' => 'string')));
+ $parameters = array('param1' => 'test\'ing');
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ",'test\'ing'");
+
// float
$this->registerFunction(false, false, array('param1' => array('type' => 'float')));
$parameters = array('param1' => 2.5);