From 826a695077d08b6d370bccfbaa655950e2dcb60a Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@status.net>
Date: Fri, 19 Nov 2010 15:06:26 -0800
Subject: Ticket #2797: replace addslashes() with explicit escape calls on the
 DB objects

---
 classes/Queue_item.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'classes/Queue_item.php')

diff --git a/classes/Queue_item.php b/classes/Queue_item.php
index c7e17be6e..007d4ed23 100644
--- a/classes/Queue_item.php
+++ b/classes/Queue_item.php
@@ -32,7 +32,7 @@ class Queue_item extends Memcached_DataObject
         if ($transports) {
             if (is_array($transports)) {
                 // @fixme use safer escaping
-                $list = implode("','", array_map('addslashes', $transports));
+                $list = implode("','", array_map(array($qi, 'escape'), $transports));
                 $qi->whereAdd("transport in ('$list')");
             } else {
                 $qi->transport = $transports;
-- 
cgit v1.2.3-54-g00ecf