diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2012-05-15 10:54:18 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2012-05-15 10:54:51 -0700 |
| commit | 3caf3cc323cd25b002aa8e44d871d4677da7a029 (patch) | |
| tree | 88eb60518213c537b64a10d0f27061ae5772a07c /installer/installer.php | |
| parent | 05b50f2edfdc24d23e5e072ee3831ca12c003543 (diff) | |
Harden installer against bad characters in the database name or prefix. Fixes #1866.
Diffstat (limited to 'installer/installer.php')
| -rw-r--r-- | installer/installer.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/installer/installer.php b/installer/installer.php index decc5629..339a02fd 100644 --- a/installer/installer.php +++ b/installer/installer.php @@ -183,7 +183,7 @@ class installer { } static function prepend_prefix($prefix, $sql) { - return preg_replace("#{([a-zA-Z0-9_]+)}#", "{$prefix}$1", $sql); + return preg_replace("#{([a-zA-Z0-9_]+)}#", "`{$prefix}$1`", $sql); } static function check_environment() { |