(bug 14526) Unescaped SQL in list=backlinks

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d621d0d..ae413a5 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -444,6 +444,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Added action=emailuser to send an email to a user
 * (bug 14471) Use HTMLTidy and generate limit report in action=parse
 * (bug 14459) Added prependtext and appendtext parameters to action=edit
+* (bug 14526) Unescaped SQL in list=backlinks
 
 === Languages updated in 1.13 ===
 

diff --git a/includes/api/ApiQueryBacklinks.php b/includes/api/ApiQueryBacklinks.php
index 0ae3681..6289ce6 100644 (file)
--- a/includes/api/ApiQueryBacklinks.php
+++ b/includes/api/ApiQueryBacklinks.php
@@ -141,7 +141,7 @@ class ApiQueryBacklinks extends ApiQueryGeneratorBase {
                $titleWhere = '';
                foreach($this->redirTitles as $t)
                        $titleWhere .= ($titleWhere != '' ? " OR " : '') .
-                                       "({$this->bl_title} = '{$t->getDBKey()}'" .
+                                       "({$this->bl_title} = ".$db->addQuotes($t->getDBKey()).
                                        ($this->hasNS ? " AND {$this->bl_ns} = '{$t->getNamespace()}'" : "") .
                                        ")";
                $this->addWhere($titleWhere);