From 9f3c651ccd3f0f43a9d8d61cff4b71e3e29069d7 Mon Sep 17 00:00:00 2001
From: Brett Profitt
Date: Sun, 4 Sep 2011 17:43:56 -0700
Subject: Refs #3661. Merged XSS fixes in search to master.
---
 engine/lib/entities.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'engine/lib/entities.php')
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 10313fc8c..68aa7c8fb 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -1118,8 +1118,12 @@ function elgg_get_guid_based_where_sql($column, $guids) {
 $guids_sanitized = array();
 foreach ($guids as $guid) {
- if (($guid != sanitise_int($guid))) {
- return FALSE;
+ if ($guid !== ELGG_ENTITIES_NO_VALUE) {
+ $guid = sanitise_int($guid);
+
+ if (!$guid) {
+ return false;
+ }
 }
 $guids_sanitized[] = $guid;
 }
--
cgit v1.2.3
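Review bot: The new check in the `foreach` accepts any value that casts to a non-zero integer, so a partially numeric string such as `'12abc'` is silently coerced to a GUID instead of being rejected. This assumes `sanitise_int()` is an integer cast, which is not visible here; if so, a nested array from request data would be coerced the same way. Rejecting non-integer input before the cast would fail closed: `if (!is_int($guid) && !(is_string($guid) && ctype_digit($guid))) { return false; }`. The strict `!==` also sends a string `'0'` into the `!$guid` branch if `ELGG_ENTITIES_NO_VALUE` is the integer 0, so a short comment stating whether that rejection is intended would help. The function starts before and continues after this hunk, so how callers handle the `false` return cannot be checked from here.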