From 510cc212c858b81fb7c0069bd27d9a3a2b1abfba Mon Sep 17 00:00:00 2001
From: Alex Dehnert
Date: Sat, 19 Mar 2011 08:01:07 +0000
Subject: [PATCH] Fix SQL injection vulnerability in DB deletion
git-svn-id: svn://sql.mit.edu/sql@190 a142d4bd-2cfb-0310-9673-cb33a7e74f58
---
 lib/security.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/security.lib.php b/lib/security.lib.php
index eeb44a8..1ac2849 100644
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -392,7 +392,7 @@ function delDB($dbname) {
 $arr['bEnabled'] = 0;
 $sql = sprintf("UPDATE DB SET %s WHERE DB.Name = '%s'", buildSQLSet($arr),
- $dbname);
+ mysql_escape_string($dbname));
 DBUpdate($sql);
 return true;
--
2.45.1
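Review bot: The added `mysql_escape_string($dbname)` argument to `sprintf` escapes without taking the connection's character set into account, and the function has long been deprecated in favour of `mysql_real_escape_string()`, so the quoted `DB.Name = '%s'` value is not reliably escaped for every connection charset. I would change the line to `mysql_real_escape_string($dbname));`, which needs an open link (presumably the one `DBUpdate` uses), or move the statement to a bound parameter if the DB layer can be ported to an API that supports them. `buildSQLSet($arr)` is interpolated into the same string and is not visible here; in the shown lines only `bEnabled` is set, but its escaping of keys and values should be confirmed. delDB's body starts before and continues after this hunk, so any earlier validation of `$dbname` is outside what I can see.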