aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/annotations.php20
-rw-r--r--engine/lib/sites.php2
2 files changed, 11 insertions, 11 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index 703538273..1a559b872 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -108,9 +108,9 @@
global $CONFIG;
$object_id = (int)$object_id;
- $object_type = mysql_real_escape_string(trim($object_type));
- $name = mysql_real_escape_string(trim($name));
- $value = mysql_real_escape_string(trim($value));
+ $object_type = sanitise_string(trim($object_type));
+ $name = sanitise_string(trim($name));
+ $value = sanitise_string(trim($value));
$owner_id = (int)$owner_id;
$limit = (int)$limit;
$offset = (int)$offset;
@@ -159,10 +159,10 @@
global $CONFIG;
$object_id = (int)$object_id;
- $object_type = mysql_real_escape_string(trim($object_type));
- $name = mysql_real_escape_string(trim($name));
- $value = mysql_real_escape_string(trim($value));
- $value_type = mysql_real_escape_string(trim($value_type));
+ $object_type = sanitise_string(trim($object_type));
+ $name = sanitise_string(trim($name));
+ $value = sanitise_string(trim($value));
+ $value_type = sanitise_string(trim($value_type));
$owner_id = (int)$owner_id;
$access_id = (int)$access_id;
@@ -184,9 +184,9 @@
global $CONFIG;
$annotation_id = (int)$annotation_id;
- $name = mysql_real_escape_string(trim($name));
- $value = mysql_real_escape_string(trim($value));
- $value_type = mysql_real_escape_string(trim($value_type));
+ $name = sanitise_string(trim($name));
+ $value = sanitise_string(trim($value));
+ $value_type = sanitise_string(trim($value_type));
$owner_id = (int)$owner_id;
$access_id = (int)$access_id;
diff --git a/engine/lib/sites.php b/engine/lib/sites.php
index 420616ca3..b5a06f45c 100644
--- a/engine/lib/sites.php
+++ b/engine/lib/sites.php
@@ -265,7 +265,7 @@
{
global $CONFIG;
- $url = mysql_real_escape_string(trim($url));
+ $url = sanitise_string(trim($url));
$access = get_access_list();
return get_data_row("select o.* from {$CONFIG->dbprefix}sites where url='$url' and (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))");