2 files changed, 6 insertions, 11 deletions

diff --git a/mod/item.php b/mod/item.php
index 672084fe8..ff3f41138 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -1,12 +1,7 @@
 <?php
 
-function sanitise_intacl(&$item) {
-	$item = '<' . intval(notags(trim($item))) . '>';
-}
-
-
 function sanitise_acl(&$item) {
-	$item = '<' . notags(trim($item)) . '>';
+	$item = '<' . intval(notags(trim($item))) . '>';
 }
 
 function item_post(&$a) {
@@ -35,7 +30,7 @@ function item_post(&$a) {
 	$str_contact_allow = '';
 	$contact_allow = $_POST['contact_allow'];
 	if(is_array($contact_allow)) {
-		array_walk($contact_allow,'sanitise_intacl');
+		array_walk($contact_allow,'sanitise_acl');
 		$str_contact_allow = implode('',$contact_allow);
 	}
 
@@ -49,7 +44,7 @@ function item_post(&$a) {
 	$str_contact_deny = '';
 	$contact_deny = $_POST['contact_deny'];
 	if(is_array($contact_deny)) {
-		array_walk($contact_deny,'sanitise_intacl');
+		array_walk($contact_deny,'sanitise_acl');
 		$str_contact_deny = implode('',$contact_deny);
 	}
 
diff --git a/mod/profile.php b/mod/profile.php
index 37bf04a0c..5a1ac0639 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -170,7 +170,7 @@ function profile_content(&$a) {
 		$gs = '<<>>'; // should be impossible to match
 		if(count($groups)) {
 			foreach($groups as $g)
-				$gs .= '|<' . dbesc($g) . '>';
+				$gs .= '|<' . intval($g) . '>';
 		} 
 		$sql_extra = sprintf(
 			" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
@@ -180,8 +180,8 @@ function profile_content(&$a) {
 
 			intval($_SESSION['visitor_id']),
 			intval($_SESSION['visitor_id']),
-			$gs,
-			$gs
+			dbesc($gs),
+			dbesc($gs)
 		);
 	}