authorMario Vavti <mario@mariovavti.com>2019-06-21 10:37:09 +0200
committerMario Vavti <mario@mariovavti.com>2019-06-21 10:37:09 +0200
commit3dd6499ac4bfbb7ef52ba3a224ec7a35ff481a48 (patch)
treec33a902a6c3aba2a932f04c5675c1a088259511f
parent24b0f8e27e2f5e035b9a8f488bae8d79a10398a4 (diff)
fix mid not dbesc'd. the comment was no longer true. this fixes an issue with mid's that contain single quotes
-rwxr-xr-xinclude/items.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/items.php b/include/items.php
index d2dba9677..4fc659926 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2012,7 +2012,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
// find the item we just created
$r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d and revision = %d ORDER BY id ASC ",
- $arr['mid'], // already dbesc'd
+ dbesc($arr['mid']),
intval($arr['uid']),
intval($arr['revision'])
);
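Review bot: Escaping `$arr['mid']` separately at each query site, in the SELECT here and the DELETE in the second hunk, leaves in place the stale assumption that caused this bug: nothing in the visible lines records whether `mid` is raw or escaped at this point in `item_store`. I would replace the removed remark with a comment above the SELECT such as `// $arr['mid'] is raw (unescaped) here; every q() call must pass it through dbesc()`. The other `q()` calls in `item_store` that take `mid` lie outside these hunks and should be checked for the same gap. If any caller still passes a pre-escaped `mid`, the added `dbesc()` would double-escape it and this lookup would miss the row just stored, so that is worth confirming. A regression test that stores an item whose `mid` contains a single quote would pin the fix.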
@@ -2033,7 +2033,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
if(count($r) > 1) {
logger('item_store: duplicated post occurred. Removing duplicates.');
q("DELETE FROM item WHERE mid = '%s' AND uid = %d AND id != %d ",
- $arr['mid'],
+ dbesc($arr['mid']),
intval($arr['uid']),
intval($current_post)
);