Ticket #2797: replace addslashes() with explicit escape calls on the DB objects

author: Brion Vibber <brion@status.net> 2010-11-19 15:06:26 -0800
committer: Brion Vibber <brion@status.net> 2010-11-19 15:06:26 -0800
commit: 826a695077d08b6d370bccfbaa655950e2dcb60a (patch)
tree: 96f21d9144903799355e2d28aae2233d5fbd5151 /classes/Queue_item.php
parent: e0e7cb7c5376a7adfdcf8e0724aedfae3de471ef (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/classes/Queue_item.php b/classes/Queue_item.php
index c7e17be6e..007d4ed23 100644
--- a/classes/Queue_item.php
+++ b/classes/Queue_item.php
@@ -32,7 +32,7 @@ class Queue_item extends Memcached_DataObject
         if ($transports) {
             if (is_array($transports)) {
                 // @fixme use safer escaping
-                $list = implode("','", array_map('addslashes', $transports));
+                $list = implode("','", array_map(array($qi, 'escape'), $transports));
                 $qi->whereAdd("transport in ('$list')");
             } else {
                 $qi->transport = $transports;
author	Brion Vibber <brion@status.net>	2010-11-19 15:06:26 -0800
committer	Brion Vibber <brion@status.net>	2010-11-19 15:06:26 -0800
commit	826a695077d08b6d370bccfbaa655950e2dcb60a (patch)
tree	96f21d9144903799355e2d28aae2233d5fbd5151 /classes/Queue_item.php
parent	e0e7cb7c5376a7adfdcf8e0724aedfae3de471ef (diff)