From: cash <cash.costello@gmail.com>
Date: Sat, 31 Dec 2011 16:06:41 +0000 (-0500)
Subject: Fixes #4258 fixes add_to_river escaping
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=80c2e13287612e52c046063a5b3d5e5bd4c8b532;p=lorea%2Felgg.git

Fixes #4258 fixes add_to_river escaping
---

diff --git a/engine/lib/river.php b/engine/lib/river.php
index 421813441..63625878f 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -44,10 +44,16 @@ $posted = 0, $annotation_id = 0) {
 	if ($access_id === "") {
 		$access_id = $object->access_id;
 	}
-	$annotation_id = (int)$annotation_id;
 	$type = $object->getType();
 	$subtype = $object->getSubtype();
+
+	$view = sanitise_string($view);
 	$action_type = sanitise_string($action_type);
+	$subject_guid = sanitise_int($subject_guid);
+	$object_guid = sanitise_int($object_guid);
+	$access_id = sanitise_int($access_id);
+	$posted = sanitise_int($posted);
+	$annotation_id = sanitise_int($annotation_id);
 
 	$params = array(
 		'type' => $type,