protect from sql injection

2015-09-02 15:52:54 -07:00 · 2015-09-02 15:52:54 -07:00 · 2a26c898ca
commit 2a26c898ca
parent 3647b74d33
2 changed files with 2 additions and 2 deletions
--- a/include/zot.php
+++ b/include/zot.php
@ -1663,7 +1663,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $

 		$ab = q("select * from abook where abook_channel = %d and abook_xchan = '%s'",
 			intval($channel['channel_id']),
-			$arr['owner_xchan']
+			dbesc($arr['owner_xchan'])
 		);
 		$abook = (($ab) ? $ab[0] : null); 

--- a/version.inc
+++ b/version.inc
@ -1 +1 @@
-2015-09-01.1142
+2015-09-02.1143