From a250de25670fd7359380d3bfc672c6dd069cb281 Mon Sep 17 00:00:00 2001
From: Bryan Tong Minh
Date: Fri, 13 Jun 2008 13:22:50 +0000
Subject: [PATCH] (bug 14526) Unescaped SQL in list=backlinks

---
 RELEASE-NOTES | 1 +
 includes/api/ApiQueryBacklinks.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d621d0d2cc..ae413a562c 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -444,6 +444,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Added action=emailuser to send an email to a user
 * (bug 14471) Use HTMLTidy and generate limit report in action=parse
 * (bug 14459) Added prependtext and appendtext parameters to action=edit
+* (bug 14526) Unescaped SQL in list=backlinks
 
 === Languages updated in 1.13 ===
 
diff --git a/includes/api/ApiQueryBacklinks.php b/includes/api/ApiQueryBacklinks.php
index 0ae3681565..6289ce628d 100644
--- a/includes/api/ApiQueryBacklinks.php
+++ b/includes/api/ApiQueryBacklinks.php
@@ -141,7 +141,7 @@ class ApiQueryBacklinks extends ApiQueryGeneratorBase {
 $titleWhere = '';
 foreach($this->redirTitles as $t)
 $titleWhere .= ($titleWhere != '' ? " OR " : '') .
-"({$this->bl_title} = '{$t->getDBKey()}'" .
+"({$this->bl_title} = ".$db->addQuotes($t->getDBKey()).
 ($this->hasNS ? " AND {$this->bl_ns} = '{$t->getNamespace()}'" : "") . ")";
 $this->addWhere($titleWhere);
-- 
2.20.1
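Review bot: The fix quotes the title through `$db->addQuotes()` but the very next context line still interpolates `$t->getNamespace()` straight into the SQL string as `'{$t->getNamespace()}'`, so the hand-built WHERE clause is now escaped on one side of the AND and not the other. The namespace is an integer column, so the safer and consistent form is to coerce rather than quote: `" AND {$this->bl_ns} = " . intval($t->getNamespace())`, which also avoids comparing an integer column against a string literal. Whether `$db` is the same connection the rest of the method uses cannot be confirmed from the hunk, since its assignment lies outside it; the enclosing method starts and ends outside the hunk as well. While here, the `$titleWhere != ''` guard is a loose comparison and would read better as `$titleWhere !== ''`.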