From 9187350187d562289503d03586b43b9564c9e3f8 Mon Sep 17 00:00:00 2001
From: ben
Date: Fri, 13 Feb 2009 12:21:27 +0000
Subject: Data sanitisation fix.

git-svn-id: https://code.elgg.org/elgg/trunk@2735 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/river2.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'engine')
diff --git a/engine/lib/river2.php b/engine/lib/river2.php
index 3648123a6..974241472 100644
--- a/engine/lib/river2.php
+++ b/engine/lib/river2.php
@@ -149,8 +149,8 @@
 $object_guid[$key] = (int) $temp;
 }
 }
- if (!empty($type)) $action_type = sanitise_string($type);
- if (!empty($subtype)) $action_type = sanitise_string($subtype);
+ if (!empty($type)) $type = sanitise_string($type);
+ if (!empty($subtype)) $subtype = sanitise_string($subtype);
 if (!empty($action_type)) $action_type = sanitise_string($action_type);
 $limit = (int) $limit;
 $offset = (int) $offset;
@@ -194,6 +194,8 @@
 // Construct main SQL
 $sql = "select id,type,subtype,action_type,access_id,view,subject_guid,object_guid,posted from {$CONFIG->dbprefix}river where {$whereclause} order by posted desc limit {$offset},{$limit}";
+ system_message($sql);
+
 // Get data
 return get_data($sql);
-- 
cgit v1.2.3
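Review bot: In the first hunk (@@ -149,8 +149,8 @@), `$type`, `$subtype` and `$action_type` are only escaped by `sanitise_string()`, so the fix holds only if each of them is placed inside a quoted literal when `$whereclause` is assembled, and that code lies outside the hunk. If any of them is interpolated unquoted there, escaping alone does not stop injection. I would add a comment above these three lines such as `// escaped for use inside a quoted SQL literal only; $whereclause must keep the quotes`, and confirm the where-clause builder does so. The enclosing function starts and ends outside the hunk.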
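Review bot: `system_message($sql);` in the second hunk (@@ -194,6 +194,8 @@) looks like leftover debugging, and the commit subject does not mention it. As far as `system_message()` queues text for display to the current user, every call of this function would show the full query to site visitors, including the table prefix, the column list and the values in the where clause. Drop both added lines; if the query needs tracing, write it to the server log instead, e.g. `error_log($sql);`, and only when a debug setting is on. The enclosing function starts and ends outside the hunk.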