| author | cash <cash.costello@gmail.com> | 2011-12-31 11:06:41 -0500 | 
|---|---|---|
| committer | cash <cash.costello@gmail.com> | 2011-12-31 11:06:41 -0500 | 
| commit | 80c2e13287612e52c046063a5b3d5e5bd4c8b532 (patch) | |
| tree | ddf9817de50ed2858c2d05092fff8470df5e24da /engine/lib | |
| parent | c49f6d145700c878851ed6b548674d7693238841 (diff) | |
Fixes #4258 fixes add_to_river escaping
Diffstat (limited to 'engine/lib')
| -rw-r--r-- | engine/lib/river.php | 8 | 
1 files changed, 7 insertions, 1 deletions
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 421813441..63625878f 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -44,10 +44,16 @@ $posted = 0, $annotation_id = 0) {
 	if ($access_id === "") {
 		$access_id = $object->access_id;
 	}
-	$annotation_id = (int)$annotation_id;
 	$type = $object->getType();
 	$subtype = $object->getSubtype();
+
+	$view = sanitise_string($view);
 	$action_type = sanitise_string($action_type);
+	$subject_guid = sanitise_int($subject_guid);
+	$object_guid = sanitise_int($object_guid);
+	$access_id = sanitise_int($access_id);
+	$posted = sanitise_int($posted);
+	$annotation_id = sanitise_int($annotation_id);
 	$params = array(
 		'type' => $type,
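Review bot: `$type` and `$subtype` are the only values in this block still used exactly as returned by `$object->getType()` and `$object->getSubtype()`, while every other input now goes through `sanitise_string()` or `sanitise_int()`. If they end up in the same insert statement as the rest, give them the same treatment, e.g. `$type = sanitise_string($object->getType());` and `$subtype = sanitise_string($object->getSubtype());`, or add a comment saying why entity-supplied values are trusted here. The escaped values are also copied into `$params` immediately afterwards; the function starts and ends outside this hunk, so I cannot see whether `$params` is passed to other code or read back before the query is built. If it is, the escaping belongs at the point where the SQL string is assembled, so that non-SQL consumers do not receive escaped strings and any value replaced in `$params` is not used unescaped.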
