(dev/core#934; followup) Fix escaping on new query code
authorTim Otten <totten@civicrm.org>
Mon, 6 May 2019 19:34:37 +0000 (12:34 -0700)
committerTim Otten <totten@civicrm.org>
Mon, 6 May 2019 19:37:51 +0000 (12:37 -0700)
This updates a line which was added in the past day (#14194) to ensure that
the data is escaped.

api/v3/Activity.php

index de4d1ba783a92d70dc264d0afb23d902c1e7e3a1..89402415080ab20af25349c347c453849845280f 100644 (file)
@@ -363,8 +363,9 @@ function _civicrm_activity_get_handleSourceContactNameOrderBy(&$params, &$option
     $sql->join(
       'source_contact',
       "LEFT JOIN
-      civicrm_activity_contact ac ON (ac.activity_id = a.id AND record_type_id = $sourceContactID )
-       LEFT JOIN civicrm_contact c ON c.id = ac.contact_id"
+      civicrm_activity_contact ac ON (ac.activity_id = a.id AND record_type_id = #sourceContactID)
+       LEFT JOIN civicrm_contact c ON c.id = ac.contact_id",
+      ['sourceContactID' => $sourceContactID]
     );
     $sql->orderBy("c.display_name $order");
     unset($options['sort'], $params['options']['sort']);
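Review bot: The context line `$sql->orderBy("c.display_name $order");` directly below the fixed join still interpolates `$order` into the SQL text, and nothing in this hunk shows where that value is constrained. The function starts and ends outside the hunk, so `$order` may already be reduced to a fixed keyword earlier. If it is, a one-line comment at the call would make that visible to the next reader. If it is not, allow-list it before the `orderBy()` call, because a sort direction cannot be passed as a bound parameter: `$order = (strtolower(trim($order)) === 'desc') ? 'desc' : 'asc';`. The new `#sourceContactID` placeholder is appropriate provided the value is always numeric, which the name suggests but the hunk does not show.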