From 3caf3cc323cd25b002aa8e44d871d4677da7a029 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 15 May 2012 10:54:18 -0700
Subject: Harden installer against bad characters in the database name or prefix. Fixes #1866.
---
 installer/installer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'installer/installer.php')
diff --git a/installer/installer.php b/installer/installer.php
index decc5629..339a02fd 100644
--- a/installer/installer.php
+++ b/installer/installer.php
@@ -183,7 +183,7 @@ class installer {
 }
 static function prepend_prefix($prefix, $sql) {
- return preg_replace("#{([a-zA-Z0-9_]+)}#", "{$prefix}$1", $sql);
+ return preg_replace("#{([a-zA-Z0-9_]+)}#", "`{$prefix}$1`", $sql);
 }
 static function check_environment() {
-- 
cgit v1.2.3
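Review bot: The backticks added in `prepend_prefix` quote the resulting table name, but a backtick inside `$prefix` itself is not escaped or rejected, so such a prefix would still end the quoted identifier early and the remainder would be parsed as SQL. `$prefix` is also interpolated into the `preg_replace` replacement string, where `$n` and backslash-digit sequences are read as backreferences rather than literal text. Unless the prefix is validated somewhere outside this hunk, I would reject any value that fails `preg_match('/^[a-zA-Z0-9_]*$/', $prefix)` before building the replacement, which matches the character class the pattern already uses for table names. The subject also mentions the database name, but the only change visible in this diff concerns the prefix.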