diff options
Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/api.php | 2 | ||||
-rw-r--r-- | engine/tests/services/api.php | 14 |
2 files changed, 14 insertions, 2 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php index 46b3e0e40..bed7a5129 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -634,7 +634,7 @@ function serialise_parameters($method, $parameters) { break; case 'string': - $serialised_parameters .= ",'" . (string)mysql_real_escape_string(trim($parameters[$key])) . "'"; + $serialised_parameters .= ",'" . addcslashes(trim($parameters[$key]), "'") . "'"; break; case 'float': $serialised_parameters .= "," . (float)trim($parameters[$key]); diff --git a/engine/tests/services/api.php b/engine/tests/services/api.php index 28a7a64bc..57aaa08d5 100644 --- a/engine/tests/services/api.php +++ b/engine/tests/services/api.php @@ -81,10 +81,10 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest { $parameters = array('param1' => array('type' => 'int', 'required' => true),
'param2' => array('type' => 'bool', 'required' => true),
'param3' => array('type' => 'string', 'required' => false), );
+ $method['description'] = '';
$method['function'] = 'foo';
$method['parameters'] = $parameters;
$method['call_method'] = 'GET';
- $method['description'] = '';
$method['require_api_auth'] = false;
$method['require_user_auth'] = false;
@@ -224,6 +224,18 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest { $s = serialise_parameters('test', $parameters);
$this->assertIdentical($s, ",'testing'");
+ // test string with " in it
+ $this->registerFunction(false, false, array('param1' => array('type' => 'string')));
+ $parameters = array('param1' => 'test"ing');
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ',\'test"ing\'');
+
+ // test string with ' in it
+ $this->registerFunction(false, false, array('param1' => array('type' => 'string')));
+ $parameters = array('param1' => 'test\'ing');
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ",'test\'ing'");
+
// float
$this->registerFunction(false, false, array('param1' => array('type' => 'float')));
$parameters = array('param1' => 2.5);
|