From 9442ad15096c779cfc655f81f4decfb8e436a8b2 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 10 Apr 2009 20:23:27 +0200
Subject: [PATCH] escape UID in Postgres auth backend FS#1660

Ignore-this: 86a837e91f1f0cdcdcbdea0525901f2

darcs-hash:20090410182327-7ad00-95db727afb77ce34d9b7c2f3d0e99a28fbdfbbd4.gz
---
 inc/auth/pgsql.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/auth/pgsql.class.php b/inc/auth/pgsql.class.php
index 010b0f6d5..a6da56af5 100644
--- a/inc/auth/pgsql.class.php
+++ b/inc/auth/pgsql.class.php
@@ -196,7 +196,7 @@ class auth_pgsql extends auth_mysql {
         $sql = $this->cnf['addUserGroup'];
         if(strpos($sql,'%{uid}') !== false){
             $uid = $this->_getUserID($user);
-            $sql = str_replace('%{uid}', $uid, $sql);
+            $sql = str_replace('%{uid}', addslashes($uid), $sql);
         }
         $sql = str_replace('%{user}', addslashes($user),$sql);
         $sql = str_replace('%{gid}',  addslashes($gid),$sql);
-- 
GitLab