Diffstat (limited to 'mod')
-rw-r--r-- | mod/item.php | 11 | ||||
-rw-r--r-- | mod/profile.php | 6 |
2 files changed, 6 insertions, 11 deletions
diff --git a/mod/item.php b/mod/item.php
index 672084fe8..ff3f41138 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -1,12 +1,7 @@
 <?php
-function sanitise_intacl(&$item) {
- $item = '<' . intval(notags(trim($item))) . '>';
-}
-
-
 function sanitise_acl(&$item) {
- $item = '<' . notags(trim($item)) . '>';
+ $item = '<' . intval(notags(trim($item))) . '>';
 }
 function item_post(&$a) {
@@ -35,7 +30,7 @@ function item_post(&$a) {
 $str_contact_allow = '';
 $contact_allow = $_POST['contact_allow'];
 if(is_array($contact_allow)) {
- array_walk($contact_allow,'sanitise_intacl');
+ array_walk($contact_allow,'sanitise_acl');
 $str_contact_allow = implode('',$contact_allow);
 }
@@ -49,7 +44,7 @@ function item_post(&$a) {
 $str_contact_deny = '';
 $contact_deny = $_POST['contact_deny'];
 if(is_array($contact_deny)) {
- array_walk($contact_deny,'sanitise_intacl');
+ array_walk($contact_deny,'sanitise_acl');
 $str_contact_deny = implode('',$contact_deny);
 }
diff --git a/mod/profile.php b/mod/profile.php
index 37bf04a0c..5a1ac0639 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -170,7 +170,7 @@ function profile_content(&$a) {
 $gs = '<<>>'; // should be impossible to match
 if(count($groups)) {
 foreach($groups as $g)
- $gs .= '|<' . dbesc($g) . '>';
+ $gs .= '|<' . intval($g) . '>';
 }
 $sql_extra = sprintf( " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
@@ -180,8 +180,8 @@ function profile_content(&$a) {
 intval($_SESSION['visitor_id']),
 intval($_SESSION['visitor_id']),
- $gs,
- $gs
+ dbesc($gs),
+ dbesc($gs)
 );
 } |
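Review bot: In the first mod/item.php hunk, `sanitise_acl()` now turns every empty or non-numeric element into `<0>` instead of rejecting it, so a malformed `contact_allow[]` or `contact_deny[]` value is still stored in the ACL string. That matters because the mod/profile.php query in this same commit matches `REGEXP '<%d>'` against `intval($_SESSION['visitor_id'])`, which is also 0 when the session key is unset; whether that path is reachable without a visitor id lies outside the hunks and should be confirmed. Dropping zero ids before the walk at both call sites (the hunks at -35 and -49) avoids the collision, e.g. `$contact_allow = array_filter(array_map('intval', $contact_allow));`. Any other caller of `sanitise_acl()` that relied on non-integer identifiers would also change behaviour; none is visible in this diff.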
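Review bot: The brace-less `foreach` in the mod/profile.php hunk at -170 now holds the only thing keeping regex metacharacters out of `$gs`, and nothing on the line says so. Assuming `dbesc()` is the usual SQL string escaper, the `dbesc($gs)` added in the next hunk protects the quoted literal but not the REGEXP pattern, so a later edit that replaces `intval($g)` with a string value would let group ids alter the pattern. I would add braces and a comment such as `// cast to int: $gs is a REGEXP alternation, dbesc() alone does not neutralise regex metacharacters`. profile_content() continues outside the hunk.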