From b902a2bdf37c5f50ba54873c092e29ef1f8b4567 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Fri, 6 Aug 2004 19:17:49 +0000
Subject: [PATCH] Protect against SQL insertion attacks in page move category update.
---
 includes/Title.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/Title.php b/includes/Title.php
index b224ad0a6f..74c11c5676 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -902,7 +902,9 @@ class Title {
 # Fixing category links (those without piped 'alternate' names) to be sorted under the new title
 $dbw =& wfGetDB( DB_MASTER );
- $sql = "UPDATE categorylinks SET cl_sortkey=\"" . $nt->getPrefixedText() . "\" WHERE cl_from=\"" .$this->getArticleID() . "\" AND cl_sortkey=\"" . $this->getPrefixedText() . "\"" ;
+ $sql = "UPDATE categorylinks SET cl_sortkey=" . $dbw->addQuotes( $nt->getPrefixedText() ) .
+ " WHERE cl_from=" . $dbw->addQuotes( $this->getArticleID() ) .
+ " AND cl_sortkey=" . $dbw->addQuotes( $this->getPrefixedText() );
 $dbw->query( $sql, "SpecialMovepage::doSubmit" );
--
2.20.1
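Review bot: The article id on the second added line is passed through `addQuotes()` like the two title strings, so an integer column is compared against a quoted string literal; MySQL's implicit cast makes it work, but `" WHERE cl_from=" . intval( $this->getArticleID() ) .` states the numeric intent directly and cannot depend on casting rules. The two `getPrefixedText()` values are correctly routed through `addQuotes()`, which is what closes the injection path the commit describes; if the Database wrapper in this revision offers an `update()` builder taking value and condition arrays, that would remove the hand-built SQL string entirely and is the form to prefer going forward. Separately, the trace name `"SpecialMovepage::doSubmit"` passed to `query()` does not match where this code lives (the hunk header places it inside `class Title`), so profiling and debug output will misattribute the query; pass the enclosing method's own name instead. The enclosing method starts and ends outside the hunk.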