From bef3accd2ec05af4b0e739a94ba6b1765246f75e Mon Sep 17 00:00:00 2001
From: eileenmcnaugton
Date: Fri, 22 Apr 2016 20:42:08 +1200
Subject: [PATCH] Sanitise ->interval

---
 CRM/Logging/Differ.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/CRM/Logging/Differ.php b/CRM/Logging/Differ.php
index 156fc6a70e..f58ebc8373 100644
--- a/CRM/Logging/Differ.php
+++ b/CRM/Logging/Differ.php
@@ -42,7 +42,7 @@ class CRM_Logging_Differ {
    * Class constructor.
    *
    * @param string $log_conn_id
-   * @param $log_date
+   * @param string $log_date
    * @param string $interval
    */
   public function __construct($log_conn_id, $log_date, $interval = '10 SECOND') {
@@ -144,6 +144,10 @@ LEFT JOIN civicrm_activity_contact source ON source.activity_id = lt.id AND sour
     $logDateClause = '';
     if ($this->log_date) {
       $params[2] = array($this->log_date, 'String');
+      // The format of $this->interval should be something like 10 SECOND. It should not have any '
+      // characters so we don't want to declare it as a string & have them added. But if someone
+      // adds a ' then we want to neuter it.
+      $this->interval = addslashes($this->interval);
       $logDateClause = " AND lt.log_date BETWEEN DATE_SUB(%2, INTERVAL {$this->interval}) AND DATE_ADD(%2, INTERVAL {$this->interval}) ";
--
2.25.1
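Review bot: `addslashes()` is the wrong tool at the added `$this->interval = addslashes($this->interval);` line, because the value is interpolated unquoted into `INTERVAL {$this->interval}` on the following line, so escaping quote characters does not constrain what the bare SQL token can contain. An allow-list check on the expected `<number> <unit>` form is what the added comment actually describes, e.g. `if (!preg_match('/^\d+ (MICROSECOND|SECOND|MINUTE|HOUR|DAY|WEEK|MONTH|QUARTER|YEAR)$/', $this->interval)) { throw new InvalidArgumentException('Invalid interval: ' . $this->interval); }`, preferably run once in the constructor rather than inside this query-building branch. Writing the escaped value back to `$this->interval` also mutates object state on every call, and since `addslashes()` is not idempotent a second call would escape the backslashes the first one added; a local variable or constructor-time validation avoids both problems. The enclosing method starts and ends outside this hunk, and the hunk header announces six context lines while only four are visible, so the lines after the `$logDateClause` assignment appear to be missing from this page.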