From 8ae80b58057de76d7b1042d38eb799397fb005c1 Mon Sep 17 00:00:00 2001
From: cash
Date: Sat, 1 Jan 2011 01:37:29 +0000
Subject: Fixes #2698 not sanitizing strings to prevent double encoding
git-svn-id: http://code.elgg.org/elgg/trunk@7798 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/metadata.php | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
(limited to 'engine/lib/metadata.php')
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index f2b1fd642..c15a163b7 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -58,20 +58,18 @@ function get_metadata($id) {
 function remove_metadata($entity_guid, $name, $value = "") {
 global $CONFIG;
 $entity_guid = (int) $entity_guid;
- $name = sanitise_string($name);
- $value = sanitise_string($value);
- $name = get_metastring_id($name);
- if ($name === FALSE) {
+ $name_id = get_metastring_id($name);
+ if ($name_id === FALSE) {
 // name doesn't exist
 return FALSE;
 }
- $query = "SELECT * from {$CONFIG->dbprefix}metadata WHERE entity_guid = '$entity_guid' and name_id = '$name'";
+ $query = "SELECT * from {$CONFIG->dbprefix}metadata WHERE entity_guid = '$entity_guid' and name_id = '$name_id'";
 if ($value != "") {
- $value = get_metastring_id($value);
- if ($value !== FALSE) {
- $query .= " AND value_id = '$value'";
+ $value_id = get_metastring_id($value);
+ if ($value_id !== FALSE) {
+ $query .= " AND value_id = '$value_id'";
 }
 }
-- cgit v1.2.3
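Review bot: When `get_metastring_id($value)` returns FALSE, the new `$value_id` branch silently drops the value filter, so a call naming a value that has no metastring builds a query matching every row under that name for the entity. If the rest of `remove_metadata` (its body continues outside this hunk) deletes what the query returns, that removes more than the caller asked for. Mirroring the name check would close it: `if ($value_id === FALSE) { return FALSE; }` before appending `AND value_id`. With the `sanitise_string()` calls gone, the raw `$name` and `$value` now reach `get_metastring_id()` unescaped, so query safety rests on that function escaping its argument, which is not visible here and is worth confirming. Casting the returned ids after the FALSE checks, e.g. `$name_id = (int) $name_id;`, would keep the interpolated values numeric regardless.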