Commit e51604e3 authored by totten's avatar totten

(#934; followup) Fix escaping on new query code

This updates a line which was added in the past day (#14194) to ensure that
the data is escaped.
parent ffa04b14
......@@ -363,8 +363,9 @@ function _civicrm_activity_get_handleSourceContactNameOrderBy(&$params, &$option
$sql->join(
'source_contact',
"LEFT JOIN
civicrm_activity_contact ac ON (ac.activity_id = a.id AND record_type_id = $sourceContactID )
LEFT JOIN civicrm_contact c ON c.id = ac.contact_id"
civicrm_activity_contact ac ON (ac.activity_id = a.id AND record_type_id = #sourceContactID)
LEFT JOIN civicrm_contact c ON c.id = ac.contact_id",
['sourceContactID' => $sourceContactID]
);
$sql->orderBy("c.display_name $order");
unset($options['sort'], $params['options']['sort']);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment