From 3caf3cc323cd25b002aa8e44d871d4677da7a029 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 15 May 2012 10:54:18 -0700
Subject: Harden installer against bad characters in the database name or
 prefix.  Fixes #1866.

---
 modules/gallery/libraries/MY_Database.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/libraries')

diff --git a/modules/gallery/libraries/MY_Database.php b/modules/gallery/libraries/MY_Database.php
index f3cace4d..fb54bfcd 100644
--- a/modules/gallery/libraries/MY_Database.php
+++ b/modules/gallery/libraries/MY_Database.php
@@ -65,14 +65,14 @@ abstract class Database extends Database_Core {
       $open_brace = strpos($sql, "TO {") + 4;
       $close_brace = strpos($sql, "}", $open_brace);
       $name = substr($sql, $open_brace, $close_brace - $open_brace);
-      $this->_table_names["{{$name}}"] = "{$prefix}$name";
+      $this->_table_names["{{$name}}"] = "`{$prefix}$name`";
     }
 
     if (!isset($this->_table_names)) {
       // This should only run once on the first query
       $this->_table_names = array();
       foreach($this->list_tables() as $table_name) {
-        $this->_table_names["{{$table_name}}"] = $prefix . $table_name;
+        $this->_table_names["{{$table_name}}"] = "`{$prefix}{$table_name}`";
       }
     }
 
-- 
cgit v1.2.3