(dev/core#934; followup) Fix escaping on new query code

This updates a line which was added in the past day (civicrm#14194) to ensure that the data is escaped.
totten · May 6, 2019 · e51604e · e51604e
1 parent ffa04b1
commit e51604e
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/api/v3/Activity.php b/api/v3/Activity.php
@@ -363,8 +363,9 @@ function _civicrm_activity_get_handleSourceContactNameOrderBy(&$params, &$option
     $sql->join(
       'source_contact',
       "LEFT JOIN
-      civicrm_activity_contact ac ON (ac.activity_id = a.id AND record_type_id = $sourceContactID )
-       LEFT JOIN civicrm_contact c ON c.id = ac.contact_id"
+      civicrm_activity_contact ac ON (ac.activity_id = a.id AND record_type_id = #sourceContactID)
+       LEFT JOIN civicrm_contact c ON c.id = ac.contact_id",
+      ['sourceContactID' => $sourceContactID]
     );
     $sql->orderBy("c.display_name $order");
     unset($options['sort'], $params['options']['sort']);