From 2a26c898cafb3523b2e6c8b8b499402befc0c442 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Wed, 2 Sep 2015 15:52:54 -0700
Subject: protect from sql injection

---
 include/zot.php | 2 +-
 version.inc     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/zot.php b/include/zot.php
index 55870c2b9..0376dc7f5 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1663,7 +1663,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 
 		$ab = q("select * from abook where abook_channel = %d and abook_xchan = '%s'",
 			intval($channel['channel_id']),
-			$arr['owner_xchan']
+			dbesc($arr['owner_xchan'])
 		);
 		$abook = (($ab) ? $ab[0] : null); 
 
diff --git a/version.inc b/version.inc
index bfff44914..da2499cde 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2015-09-01.1142
+2015-09-02.1143
-- 
cgit v1.2.3