Harden installer against bad characters in the database name or prefix. Fixes #1866.

author: Bharat Mediratta <bharat@menalto.com> 2012-05-15 10:54:18 -0700
committer: Bharat Mediratta <bharat@menalto.com> 2012-05-15 10:54:51 -0700
commit: 3caf3cc323cd25b002aa8e44d871d4677da7a029 (patch)
tree: 88eb60518213c537b64a10d0f27061ae5772a07c /modules
parent: 05b50f2edfdc24d23e5e072ee3831ca12c003543 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/gallery/libraries/MY_Database.php b/modules/gallery/libraries/MY_Database.php
index f3cace4d..fb54bfcd 100644
--- a/modules/gallery/libraries/MY_Database.php
+++ b/modules/gallery/libraries/MY_Database.php
@@ -65,14 +65,14 @@ abstract class Database extends Database_Core {
       $open_brace = strpos($sql, "TO {") + 4;
       $close_brace = strpos($sql, "}", $open_brace);
       $name = substr($sql, $open_brace, $close_brace - $open_brace);
-      $this->_table_names["{{$name}}"] = "{$prefix}$name";
+      $this->_table_names["{{$name}}"] = "`{$prefix}$name`";
     }
 
     if (!isset($this->_table_names)) {
       // This should only run once on the first query
       $this->_table_names = array();
       foreach($this->list_tables() as $table_name) {
-        $this->_table_names["{{$table_name}}"] = $prefix . $table_name;
+        $this->_table_names["{{$table_name}}"] = "`{$prefix}{$table_name}`";
       }
     }
author	Bharat Mediratta <bharat@menalto.com>	2012-05-15 10:54:18 -0700
committer	Bharat Mediratta <bharat@menalto.com>	2012-05-15 10:54:51 -0700
commit	3caf3cc323cd25b002aa8e44d871d4677da7a029 (patch)
tree	88eb60518213c537b64a10d0f27061ae5772a07c /modules
parent	05b50f2edfdc24d23e5e072ee3831ca12c003543 (diff)