Sanitising relationship in elgg_get_entities_from_relationship();

author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Mon, 11 Jan 2010 23:18:13 +0000 (23:18 +0000)

committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Mon, 11 Jan 2010 23:18:13 +0000 (23:18 +0000)
author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Mon, 11 Jan 2010 23:18:13 +0000 (23:18 +0000)
committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Mon, 11 Jan 2010 23:18:13 +0000 (23:18 +0000)
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php

index bdd5aadde4b352ca57888a492bfe8b87f7ddee19..d84e70bfb0d126a7c1272d319d7dfc3a85ca0818 100644 (file)
--- a/engine/lib/relationships.php
+++ b/engine/lib/relationships.php
@@ -558,7 +558,7 @@ function elgg_get_entity_relationship_where_sql($table, $relationship = NULL, $r
         }
  
         if ($relationship) {
-               $wheres[] = "r.relationship = '$relationship'";
+               $wheres[] = "r.relationship = '" . sanitise_string($relationship) . "'";
         }
  
         if ($relationship_guid) {
author	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Mon, 11 Jan 2010 23:18:13 +0000 (23:18 +0000)
committer	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Mon, 11 Jan 2010 23:18:13 +0000 (23:18 +0000)