From b329edf4666cb97f9589578a5cf5332d1c8e68de Mon Sep 17 00:00:00 2001 From: brettp Date: Sun, 2 Jan 2011 21:07:43 +0000 Subject: set_private_setting() checks if the guid is a real entity. git-svn-id: http://code.elgg.org/elgg/trunk@7813 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/private_settings.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/engine/lib/private_settings.php b/engine/lib/private_settings.php index 0d86b93a1..d21ee45e6 100644 --- a/engine/lib/private_settings.php +++ b/engine/lib/private_settings.php @@ -228,7 +228,7 @@ function elgg_get_entities_from_private_settings(array $options = array()) { } $options['wheres'] = array_merge($options['wheres'], $clauses['wheres']); - + // merge joins to pass to get_entities() if (isset($options['joins']) && !is_array($options['joins'])) { $options['joins'] = array($options['joins']); @@ -322,7 +322,7 @@ $pairs = NULL, $pair_operator = 'AND') { if (is_array($pairs)) { // join counter for incremental joins in pairs $i = 1; - + // check if this is an array of pairs or just a single pair. if (isset($pairs['name']) || isset($pairs['value'])) { $pairs = array($pairs); @@ -405,7 +405,7 @@ $pairs = NULL, $pair_operator = 'AND') { if ($where) { $return['wheres'][] = "($where)"; } - + return $return; } @@ -495,6 +495,11 @@ function set_private_setting($entity_guid, $name, $value) { $name = sanitise_string($name); $value = sanitise_string($value); + $entity = get_entity($entity_guid); + if (!$entity instanceof ElggEntity) { + return false; + } + $result = insert_data("INSERT into {$CONFIG->dbprefix}private_settings (entity_guid, name, value) VALUES ($entity_guid, '{$name}', '{$value}') -- cgit v1.2.3