Skip to content
This repository

Fix ticket 4432 #189

Merged
merged 1 commit into from almost 2 years ago

3 participants

Steve Clay Evan Winslow Cash Costello
Steve Clay
Owner

Do not escape ORDER BY/GROUP BY clauses in elgg_get_entities

Evan Winslow
Owner

LGTM, but same issue with the commit comment.

Cash Costello cash merged commit d713090 into from
Cash Costello cash closed this
Sem sembrestels referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Showing 1 unique commit by 1 author.

Apr 17, 2012
Steve Clay Fixes #4432: Do not escape ORDER BY/GROUP BY clauses in elgg_get_enti…
…ties
76978dd
This page is out of date. Refresh to see the latest.

Showing 1 changed file with 2 additions and 2 deletions. Show diff stats Hide diff stats

  1. 4  engine/lib/entities.php
4  engine/lib/entities.php
@@ -915,11 +915,11 @@ function elgg_get_entities(array $options = array()) {
915 915
 	}
916 916
 
917 917
 	if (!$options['count']) {
918  
-		if ($options['group_by'] = sanitise_string($options['group_by'])) {
  918
+		if ($options['group_by']) {
919 919
 			$query .= " GROUP BY {$options['group_by']}";
920 920
 		}
921 921
 
922  
-		if ($options['order_by'] = sanitise_string($options['order_by'])) {
  922
+		if ($options['order_by']) {
923 923
 			$query .= " ORDER BY {$options['order_by']}";
924 924
 		}
925 925
 
Commit_comment_tip

Tip: You can add notes to lines in a file. Hover to the left of a line to make a note

Something went wrong with that request. Please try again.