bug 1046: escape quotes in fix_assurer_flag-queries
authorFelix Dörre <felix@dogcraft.de>
Tue, 5 May 2015 18:02:19 +0000 (20:02 +0200)
committerFelix Dörre <felix@dogcraft.de>
Tue, 5 May 2015 18:03:50 +0000 (20:03 +0200)
includes/lib/account.php

index 6e17dda..f9c1399 100644 (file)
@@ -49,7 +49,7 @@ function fix_assurer_flag($userID = NULL)
                        )
                        AND (
                                SELECT SUM(`awarded`) FROM `notary` AS `n`
-                               WHERE `n`.`to` = `u`.`id` AND `n`.`method` != 'Administrative Increase' AND `n`.`from` != `n`.`to`
+                               WHERE `n`.`to` = `u`.`id` AND `n`.`method` != \'Administrative Increase\' AND `n`.`from` != `n`.`to`
                                        AND (`n`.`expire` > now()
                                             OR `n`.`expire` IS NULL)
                                        AND `n`.`deleted` = 0
@@ -82,7 +82,7 @@ function fix_assurer_flag($userID = NULL)
                                )
                                OR (
                                        SELECT SUM(`awarded`) FROM `notary` AS `n`
-                                       WHERE `n`.`to` = `u`.`id` AND `n`.`method` != 'Administrative Increase' AND `n`.`from` != `n`.`to`
+                                       WHERE `n`.`to` = `u`.`id` AND `n`.`method` != \'Administrative Increase\' AND `n`.`from` != `n`.`to`
                                                AND (
                                                        `n`.`expire` > now()
                                                        OR `n`.`expire` IS NULL