Fixes #4258 fixes add_to_river escaping

author cash <cash.costello@gmail.com>

Sat, 31 Dec 2011 16:06:41 +0000 (11:06 -0500)

committer cash <cash.costello@gmail.com>

Sat, 31 Dec 2011 16:06:41 +0000 (11:06 -0500)
author cash <cash.costello@gmail.com>
Sat, 31 Dec 2011 16:06:41 +0000 (11:06 -0500)
committer cash <cash.costello@gmail.com>
Sat, 31 Dec 2011 16:06:41 +0000 (11:06 -0500)
diff --git a/engine/lib/river.php b/engine/lib/river.php

index 4218134415620d69032bd178a9171a84e8cf807f..63625878f4c08859d2649c0556d179cc49d0bcdd 100644 (file)
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -44,10 +44,16 @@ $posted = 0, $annotation_id = 0) {
         if ($access_id === "") {
                 $access_id = $object->access_id;
         }
-       $annotation_id = (int)$annotation_id;
         $type = $object->getType();
         $subtype = $object->getSubtype();
+
+       $view = sanitise_string($view);
         $action_type = sanitise_string($action_type);
+       $subject_guid = sanitise_int($subject_guid);
+       $object_guid = sanitise_int($object_guid);
+       $access_id = sanitise_int($access_id);
+       $posted = sanitise_int($posted);
+       $annotation_id = sanitise_int($annotation_id);
  
         $params = array(
                 'type' => $type,
author	cash <cash.costello@gmail.com>
	Sat, 31 Dec 2011 16:06:41 +0000 (11:06 -0500)
committer	cash <cash.costello@gmail.com>
	Sat, 31 Dec 2011 16:06:41 +0000 (11:06 -0500)