]> git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - classes/Profile.php
projects / quix0rs-gnu-social.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Escape $tag passed to Profile::getTaggedSubscribers()
[quix0rs-gnu-social.git] / classes / Profile.php
diff --git a/classes/Profile.php b/classes/Profile.php
index cefcaf90b5b6a31823163bf27cfd50c8dd873ff6..540699eb3afdb692de6f1dfd5e3d5177061a8660 100644 (file)
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -682,7 +682,7 @@ class Profile extends Managed_DataObject
         $profile = new Profile();
         $tagged = array();
 
-        $cnt = $profile->query(sprintf($qry, $this->id, $this->id, $tag));
+        $cnt = $profile->query(sprintf($qry, $this->id, $this->id, $profile->escape($tag)));
 
         while ($profile->fetch()) {
             $tagged[] = clone($profile);
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)