From 15d7ee1ced7182064af26e300c6c4df78dc4c059 Mon Sep 17 00:00:00 2001
From: cash
Date: Sat, 28 Aug 2010 18:59:30 +0000
Subject: added escaping to get_entities_from_private_setting_multi()

git-svn-id: http://code.elgg.org/elgg/trunk@6872 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/entities.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'engine')

diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 95807aab5..813759c8b 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -3546,6 +3546,7 @@ function get_entities_from_private_setting_multi(array $name, $type = "", $subty
 $i = 1;
 foreach ($name as $k => $n) {
 $k = sanitise_string($k);
+ $n = sanitise_string($n);
 $s_join .= " JOIN {$CONFIG->dbprefix}private_settings s$i ON e.guid=s$i.entity_guid";
 $where[] = "s$i.name = '$k'";
 $where[] = "s$i.value = '$n'";
-- 
cgit v1.2.3
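Review bot: The escaping added for `$n` at the top of the `foreach` is only sufficient because both `$k` and `$n` are placed inside single-quoted literals in the two `$where[]` lines, and nothing in the code records that dependency. I would add a comment above the two calls, e.g. `// $k and $n are interpolated into quoted SQL literals below; both must be escaped`, so a later edit that drops the quotes or reuses `$n` elsewhere does not reopen the injection. The commit also carries no test; a case passing a setting value that contains a single quote would pin the fix. The function body starts and ends outside the hunk, so whether `$type`, `$subtype` and the remaining arguments are escaped before they reach the query cannot be confirmed from here.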