From 80c2e13287612e52c046063a5b3d5e5bd4c8b532 Mon Sep 17 00:00:00 2001
From: cash
Date: Sat, 31 Dec 2011 11:06:41 -0500
Subject: Fixes #4258 fixes add_to_river escaping
---
 engine/lib/river.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'engine/lib/river.php')
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 421813441..63625878f 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -44,10 +44,16 @@ $posted = 0, $annotation_id = 0) {
 if ($access_id === "") {
 $access_id = $object->access_id;
 }
- $annotation_id = (int)$annotation_id;
 $type = $object->getType();
 $subtype = $object->getSubtype();
+
+ $view = sanitise_string($view);
 $action_type = sanitise_string($action_type);
+ $subject_guid = sanitise_int($subject_guid);
+ $object_guid = sanitise_int($object_guid);
+ $access_id = sanitise_int($access_id);
+ $posted = sanitise_int($posted);
+ $annotation_id = sanitise_int($annotation_id);
 $params = array(
 'type' => $type,
-- 
cgit v1.2.3
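Review bot: `$type` and `$subtype` are the only values placed into `$params` that are still unescaped after this change; they are taken from `$object->getType()` and `$object->getSubtype()` and passed through as-is. The query itself is outside this hunk (as are the start and end of the function), but if it interpolates them the same way as `$view` and `$action_type`, a stored value containing a quote would reach the SQL string unescaped, so I would treat them like caller input: `$type = sanitise_string($object->getType());` and `$subtype = sanitise_string($object->getSubtype());`. Separately, escaping this early means anything that receives `$params` before the insert sees SQL-escaped strings and could hand back unescaped ones; a comment such as `// escaped for the river insert below; re-sanitise if $params is modified before the query` would make that contract visible.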