From 3dd6499ac4bfbb7ef52ba3a224ec7a35ff481a48 Mon Sep 17 00:00:00 2001
From: Mario Vavti
Date: Fri, 21 Jun 2019 10:37:09 +0200
Subject: fix mid not dbesc'd. the comment was no longer true. this fixes an issue with mid's that contain single quotes
---
 include/items.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'include/items.php')
diff --git a/include/items.php b/include/items.php
index d2dba9677..4fc659926 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2012,7 +2012,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
 // find the item we just created
 $r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d and revision = %d ORDER BY id ASC ",
- $arr['mid'], // already dbesc'd
+ dbesc($arr['mid']),
 intval($arr['uid']),
 intval($arr['revision'])
 );
@@ -2033,7 +2033,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
 if(count($r) > 1) {
 logger('item_store: duplicated post occurred. Removing duplicates.');
 q("DELETE FROM item WHERE mid = '%s' AND uid = %d AND id != %d ",
- $arr['mid'],
+ dbesc($arr['mid']),
 intval($arr['uid']),
 intval($current_post)
 );
-- 
cgit v1.2.3
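Review bot: Any other query in item_store that still interpolates `$arr['mid']` under the old "already dbesc'd" assumption would have the same quoting problem as the SELECT in the first hunk and the DELETE in the second. The function's body starts and ends outside both hunks, so this cannot be confirmed from here. With the stale comment removed, nothing at either call site records the contract any more. Since the commit message says a mid can contain single quotes, a short comment above the SELECT such as `// mid may contain quotes and is not pre-escaped; always dbesc() it at the query site` would keep a later edit from dropping the call.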
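Review bot: The duplicate cleanup in the second hunk matches on `mid`, `uid` and `id != %d` only, while the SELECT in the first hunk also filters on `revision`. If rows with the same mid and uid but a different revision can exist, the DELETE would remove them too. Ending the WHERE clause with `AND revision = %d` and passing `intval($arr['revision'])` would keep the two predicates aligned. The lines between the hunks are not shown, so `$r` and `$current_post` may be set differently than assumed here.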