Diffstat (limited to 'mod')
-rw-r--r--mod/item.php11
-rw-r--r--mod/profile.php6
2 files changed, 6 insertions, 11 deletions
diff --git a/mod/item.php b/mod/item.php
index 672084fe8..ff3f41138 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -1,12 +1,7 @@
<?php
-function sanitise_intacl(&$item) {
- $item = '<' . intval(notags(trim($item))) . '>';
-}
-
-
function sanitise_acl(&$item) {
- $item = '<' . notags(trim($item)) . '>';
+ $item = '<' . intval(notags(trim($item))) . '>';
}
function item_post(&$a) {
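Review bot: `sanitise_acl` now turns any entry that is not numeric into `<0>` instead of dropping it, because `intval()` returns 0 for input it cannot parse, and the callers in the two later item.php hunks implode that value straight into the stored ACL string. If 0 is never a valid contact id, filter such entries out before the walk, for example `$contact_allow = array_filter(array_map('intval', $contact_allow));` and the same for `$contact_deny`. This matters most where a reader of the ACL formats an unset id with `intval()`, as the `'<%d>'` pattern in mod/profile.php appears to; whether that path is guarded is not visible here. With `intval()` applied, `notags(trim(...))` no longer contributes anything, and a one-line comment on `sanitise_acl` such as `// emits integer ids only, wrapped as <id>` would tell later callers not to pass non-numeric ACL values.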
@@ -35,7 +30,7 @@ function item_post(&$a) {
$str_contact_allow = '';
$contact_allow = $_POST['contact_allow'];
if(is_array($contact_allow)) {
- array_walk($contact_allow,'sanitise_intacl');
+ array_walk($contact_allow,'sanitise_acl');
$str_contact_allow = implode('',$contact_allow);
}
@@ -49,7 +44,7 @@ function item_post(&$a) {
$str_contact_deny = '';
$contact_deny = $_POST['contact_deny'];
if(is_array($contact_deny)) {
- array_walk($contact_deny,'sanitise_intacl');
+ array_walk($contact_deny,'sanitise_acl');
$str_contact_deny = implode('',$contact_deny);
}
diff --git a/mod/profile.php b/mod/profile.php
index 37bf04a0c..5a1ac0639 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -170,7 +170,7 @@ function profile_content(&$a) {
$gs = '<<>>'; // should be impossible to match
if(count($groups)) {
foreach($groups as $g)
- $gs .= '|<' . dbesc($g) . '>';
+ $gs .= '|<' . intval($g) . '>';
}
$sql_extra = sprintf(
" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
@@ -180,8 +180,8 @@ function profile_content(&$a) {
intval($_SESSION['visitor_id']),
intval($_SESSION['visitor_id']),
- $gs,
- $gs
+ dbesc($gs),
+ dbesc($gs)
);
}
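Review bot: Nothing near the new `dbesc($gs)` arguments records that two escaping contexts are involved, so a later edit could undo the fix without noticing. `dbesc()` protects only the SQL string literal; what keeps the REGEXP pattern itself safe is the `intval($g)` in the loop of the previous hunk, because SQL escaping does not neutralise regex metacharacters. I would add a comment above the `foreach`, such as `// ids end up inside a REGEXP pattern: force integers, dbesc() alone is not enough`. The placeholders that receive `$gs` sit in the part of the format string outside this hunk, so I am assuming they are quoted REGEXP literals like the visible `'<%d>'` one; profile_content's body also continues beyond the hunk.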