From 5f19ff92cb490919d6ec2aef7a1126012dbba717 Mon Sep 17 00:00:00 2001
From: Eileen McNaughton
Date: Sun, 16 Aug 2015 10:33:59 +1200
Subject: [PATCH] Validate record_type as being an integer. data comes from an option-group, and option-groups are web-editable.
---
 api/v3/Activity.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/v3/Activity.php b/api/v3/Activity.php
index 6fcbafdc88..0157933c54 100644
--- a/api/v3/Activity.php
+++ b/api/v3/Activity.php
@@ -254,7 +254,7 @@ function civicrm_api3_activity_get($params) {
 if (!empty($params[$activityContactName])) {
 $extraSql['join'][] = array(
 'activity_' . $activityContactName => '
- LEFT JOIN civicrm_activity_contact ac ON a.id = ac.activity_id AND ac.record_type_id = ' . $activityContactValue,
+ LEFT JOIN civicrm_activity_contact ac ON a.id = ac.activity_id AND ac.record_type_id = ' . (int) $activityContactValue,
 );
 // Note that if we later need to change the int to an array we would need sql escaping.
 $extraSql['where'] = array('activity_' . $activityContactName => 'ac.contact_id = ' . (int) $params[$activityContactName]);
-- 
2.25.1
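Review bot: The `(int)` cast on `$activityContactValue` in the join string coerces rather than validates: a non-numeric option value becomes 0 and a value with a numeric prefix is cut down to that prefix, so the query stays well-formed but silently filters on the wrong record type and a tampered option-group goes unnoticed. Since the commit message says option-groups are web-editable, it would be safer to reject a bad value before building the join, for example `if (filter_var($activityContactValue, FILTER_VALIDATE_INT) === FALSE) { /* return an API error */ }`, or with the project's own integer-validation helper if one is in scope here. The assignment of `$activityContactValue` and the rest of civicrm_api3_activity_get lie outside the hunk, so where the check belongs should be confirmed against the full function. The array key `'activity_' . $activityContactName` presumably comes from the same option-group; whether that key ever reaches the SQL text is not visible here and is worth checking.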