harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix mid not dbesc'd. the comment was no longer true. this fixes an issue with mid's that contain single quotes

Browse Source
This commit is contained in:
Mario Vavti 2019-06-21 10:37:09 +02:00
parent 24b0f8e27e
commit 3dd6499ac4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/items.php
View File

@ -2012,7 +2012,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
// find the item we just created // find the item we just created
$r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d and revision = %d ORDER BY id ASC ", $r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d and revision = %d ORDER BY id ASC ",
$arr['mid'], // already dbesc'd dbesc($arr['mid']),
intval($arr['uid']), intval($arr['uid']),
intval($arr['revision']) intval($arr['revision'])
); );
@ -2033,7 +2033,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
if(count($r) > 1) { if(count($r) > 1) {
logger('item_store: duplicated post occurred. Removing duplicates.'); logger('item_store: duplicated post occurred. Removing duplicates.');
q("DELETE FROM item WHERE mid = '%s' AND uid = %d AND id != %d ", q("DELETE FROM item WHERE mid = '%s' AND uid = %d AND id != %d ",
$arr['mid'], dbesc($arr['mid']),
intval($arr['uid']), intval($arr['uid']),
intval($current_post) intval($current_post)
); );