From 76978dd5620b5664e68a3a4068d5bd07771fe7ea Mon Sep 17 00:00:00 2001
From: Steve Clay <steve@mrclay.org>
Date: Tue, 17 Apr 2012 00:13:46 -0400
Subject: Fixes #4432: Do not escape ORDER BY/GROUP BY clauses in
 elgg_get_entities

---
 engine/lib/entities.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'engine/lib/entities.php')

diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 4875b2c2f..7fe913888 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -915,11 +915,11 @@ function elgg_get_entities(array $options = array()) {
 	}
 
 	if (!$options['count']) {
-		if ($options['group_by'] = sanitise_string($options['group_by'])) {
+		if ($options['group_by']) {
 			$query .= " GROUP BY {$options['group_by']}";
 		}
 
-		if ($options['order_by'] = sanitise_string($options['order_by'])) {
+		if ($options['order_by']) {
 			$query .= " ORDER BY {$options['order_by']}";
 		}
 
-- 
cgit v1.2.3