From: Tim Otten Date: Mon, 6 May 2019 19:34:37 +0000 (-0700) Subject: (dev/core#934; followup) Fix escaping on new query code X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=c2068a3eafd87f87d66591eabfee14ada11a2680;p=civicrm-core.git (dev/core#934; followup) Fix escaping on new query code This updates a line which was added in the past day (#14194) to ensure that the data is escaped.
---
diff --git a/api/v3/Activity.php b/api/v3/Activity.php
index de4d1ba783..8940241508 100644
--- a/api/v3/Activity.php
+++ b/api/v3/Activity.php
@@ -363,8 +363,9 @@ function _civicrm_activity_get_handleSourceContactNameOrderBy(&$params, &$option
 $sql->join(
 'source_contact',
 "LEFT JOIN
- civicrm_activity_contact ac ON (ac.activity_id = a.id AND record_type_id = $sourceContactID )
- LEFT JOIN civicrm_contact c ON c.id = ac.contact_id"
+ civicrm_activity_contact ac ON (ac.activity_id = a.id AND record_type_id = #sourceContactID)
+ LEFT JOIN civicrm_contact c ON c.id = ac.contact_id",
+ ['sourceContactID' => $sourceContactID]
 );
 $sql->orderBy("c.display_name $order");
 unset($options['sort'], $params['options']['sort']);
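Review bot: The context line `$sql->orderBy("c.display_name $order");` still builds SQL by string interpolation, and the hunk does not show where `$order` is assigned, so the escaping fix visibly covers only the join. If `$order` is derived from `$options['sort']`, it needs to be reduced to a literal `asc` or `desc` before this call; assuming that already happens earlier in the function, a comment such as `// $order is constrained to asc/desc above, so interpolating it is safe` would save the next reader from re-checking. Separately, `record_type_id` in the ON clause is unqualified, and writing `ac.record_type_id` would keep the join unambiguous if another joined table ever gains a column of that name. The function body starts and ends outside the hunk.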