From fdb8894ca1d0ae7ba9595160465aa5ac6dc75e9b Mon Sep 17 00:00:00 2001 From: marcus Date: Thu, 20 Nov 2008 12:36:28 +0000 Subject: Refs #571. Fixes #569, #570: * Plugin functions set to use private data store. * Fixed some db queries * Modified plugin class overriding get/set functions git-svn-id: https://code.elgg.org/elgg/trunk@2475 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/entities.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'engine/lib/entities.php') diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 3604574e3..0cfceb7a0 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -2164,7 +2164,8 @@ global $CONFIG; $entity_guid = (int) $entity_guid; - $name = mysql_real_escape_string($name); + $name = sanitise_string($name); + if ($setting = get_data_row("SELECT value from {$CONFIG->dbprefix}private_settings where name = '{$name}' and entity_guid = {$entity_guid}")) { return $setting->value; } @@ -2188,7 +2189,7 @@ $return = array(); foreach ($result as $r) $return[$r->name] = $r->value; - + return $return; } @@ -2207,9 +2208,9 @@ global $CONFIG; $entity_guid = (int) $entity_guid; - $name = mysql_real_escape_string($name); - $value = mysql_real_escape_string($value); - + $name = sanitise_string($name); + $value = sanitise_string($value); + return insert_data("INSERT into {$CONFIG->dbprefix}private_settings (entity_guid, name, value) VALUES ($entity_guid, '{$name}', '{$value}') ON DUPLICATE KEY UPDATE value='$value'"); } @@ -2226,7 +2227,7 @@ global $CONFIG; $entity_guid = (int) $entity_guid; - $name = mysql_real_escape_string($name); + $name = sanitise_string($name); return delete_data("DELETE from {$CONFIG->dbprefix}private_settings where name = '{$name}' and entity_guid = {$entity_guid}"); } -- cgit v1.2.3
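Review bot: The quoted `'{$name}'` in this SELECT is now protected only by `sanitise_string()`, which is defined outside this diff, so a reader of the hunk cannot confirm it still does the connection-aware escaping that the removed `mysql_real_escape_string()` call did. The same swap is made in the hunks at -2207 and -2226, and the point applies to both. I would add a comment above the assignment, such as `// $name is placed inside quotes in the query below; sanitise_string() must escape for the active DB connection`, and one on the cast, `// the int cast is what makes the unquoted {$entity_guid} safe to interpolate`. The enclosing function starts and ends outside the hunk.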
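Review bot: In the hunk at -2207 the INSERT interpolates the escaped value twice, as `'{$value}'` in VALUES and again as `'$value'` in the update clause, so a later edit has to keep both copies in step or the duplicate-key path may write a different string than the insert path. Referring to the inserted column instead, `ON DUPLICATE KEY UPDATE value=VALUES(value)`, leaves a single interpolation point to audit. The brace style is also mixed within this statement (`$entity_guid` and `'$value'` against `'{$name}'`) and is worth making uniform while the line is being touched. The function signature is outside the hunk.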