$since_id = (int)db_escape_string($this->link, $_REQUEST["since_id"]);
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$sanitize_content = true;
+
$override_order = false;
switch ($_REQUEST["order_by"]) {
case "date_reverse":
$override_order = "updated DESC";
break;
}
+
/* do not rely on params below */
$search = db_escape_string($this->link, $_REQUEST["search"]);
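Review bot: The added `switch ($_REQUEST["order_by"])` has no `default:` branch and no comment stating that `$override_order` may only ever receive fixed SQL literals, which is the property that keeps this request parameter safe. The value presumably ends up in an ORDER BY clause outside this hunk, where `db_escape_string()` would not protect a keyword or column name, so a later `case` that assigned the request value directly would be an injection point. I would add `/* allow-list: map order_by to fixed ORDER BY fragments; never pass the request value through */` above the switch and an explicit `default: $override_order = false;`. The enclosing method starts and ends outside the visible lines, so how `$override_order` is consumed should be confirmed there.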