From 8f74b23dd23d2cdbe723158dc0666bff6bd62887 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 12 Mar 2015 04:45:24 -0400
Subject: [PATCH] Fix backtick character handling in sql queries (#1490312)

---
 program/lib/Roundcube/rcube_db.php |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/program/lib/Roundcube/rcube_db.php b/program/lib/Roundcube/rcube_db.php
index 2cacb30..a31b200 100644
--- a/program/lib/Roundcube/rcube_db.php
+++ b/program/lib/Roundcube/rcube_db.php
@@ -448,9 +448,14 @@
             }
         }
 
-        // replace escaped '?' back to normal, see self::quote()
-        $query = str_replace('??', '?', $query);
         $query = rtrim($query, " \t\n\r\0\x0B;");
+
+        // replace escaped '?' and quotes back to normal, see self::quote()
+        $query = str_replace(
+            array('??', self::DEFAULT_QUOTE.self::DEFAULT_QUOTE),
+            array('?', self::DEFAULT_QUOTE),
+            $query
+        );
 
         // log query
         $this->debug($query);
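Review bot: The `str_replace()` added after the `rtrim()` un-doubles `??` and the doubled `self::DEFAULT_QUOTE` across the whole assembled query, so it is only lossless if every value substituted earlier was doubled by `self::quote()`. Any text that reaches `$query` by another route (literal SQL in the caller's template, or a value concatenated in directly) and contains `??` or two adjacent quote characters would be silently shortened before execution. I would state that invariant in the comment, e.g. `// undo the doubling of '?' and DEFAULT_QUOTE applied by self::quote(); every value placed into $query must have gone through it`. The second hunk removes an unescape keyed on a local `$quote`, while this one uses `self::DEFAULT_QUOTE`; presumably they are the same character, but that is not visible here and is worth confirming. The enclosing method starts and ends outside this hunk.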
@@ -515,9 +520,6 @@
                 $pos++;
             }
         }
-
-        // replace escaped quote back to normal, see self::quote()
-        $query = str_replace($quote.$quote, $quote, $query);
 
         return $query;
     }

--
Gitblit v1.9.1