From b080fd96052b1f970495e34841b1b61de34e3f24 Mon Sep 17 00:00:00 2001
From: cash
Date: Fri, 13 Nov 2009 02:32:46 +0000
Subject: should fix #1364 and added relevant unit test cases for this bug (yeah for unit tests)
git-svn-id: http://code.elgg.org/elgg/trunk@3676 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/api.php | 2 +-
 engine/tests/services/api.php | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
(limited to 'engine')
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 46b3e0e40..bed7a5129 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -634,7 +634,7 @@ function serialise_parameters($method, $parameters) {
 break;
 case 'string':
- $serialised_parameters .= ",'" . (string)mysql_real_escape_string(trim($parameters[$key])) . "'";
+ $serialised_parameters .= ",'" . addcslashes(trim($parameters[$key]), "'") . "'";
 break;
 case 'float':
 $serialised_parameters .= "," . (float)trim($parameters[$key]);
diff --git a/engine/tests/services/api.php b/engine/tests/services/api.php
index 28a7a64bc..57aaa08d5 100644
--- a/engine/tests/services/api.php
+++ b/engine/tests/services/api.php
@@ -81,10 +81,10 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
 $parameters = array('param1' => array('type' => 'int', 'required' => true), 'param2' => array('type' => 'bool', 'required' => true), 'param3' => array('type' => 'string', 'required' => false), );
+ $method['description'] = '';
 $method['function'] = 'foo';
 $method['parameters'] = $parameters;
 $method['call_method'] = 'GET';
- $method['description'] = '';
 $method['require_api_auth'] = false;
 $method['require_user_auth'] = false;
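Review bot: In the `case 'string':` branch of engine/lib/api.php, `addcslashes(trim($parameters[$key]), "'")` escapes the single quote but not the backslash, so a backslash already in the value passes through unchanged and can pair with the inserted one, leaving a quote unescaped inside the `'...'` literal. Escaping both characters closes that gap: `$serialised_parameters .= ",'" . addcslashes(trim($parameters[$key]), "'\\") . "'";`. How the serialised list is consumed is not visible here (serialise_parameters starts and ends outside the hunk); if it is evaluated as PHP source, as the quoting style suggests, this is a code-injection risk and not just a mangled value. The test cases added in engine/tests/services/api.php cover `"` and `'` only, so a case with a backslash in the value, including one at the end of the string, would pin the behaviour.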
@@ -224,6 +224,18 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
 $s = serialise_parameters('test', $parameters);
 $this->assertIdentical($s, ",'testing'");
+ // test string with " in it
+ $this->registerFunction(false, false, array('param1' => array('type' => 'string')));
+ $parameters = array('param1' => 'test"ing');
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ',\'test"ing\'');
+
+ // test string with ' in it
+ $this->registerFunction(false, false, array('param1' => array('type' => 'string')));
+ $parameters = array('param1' => 'test\'ing');
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ",'test\'ing'");
+
 // float
 $this->registerFunction(false, false, array('param1' => array('type' => 'float')));
 $parameters = array('param1' => 2.5);
-- cgit v1.2.3