views_handler_arg_nodetype() ends up calling db_escape_string() twice when filtering. Apparently, that's because add_where() didn't used to support placeholders. See attached patch.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

esmerel’s picture

Status: Needs review » Closed (won't fix)

At this time, only security fixes will be made to the 5.x version of Views.