From 8f0317681fd7afba7a74957cac75945869d4aaa2 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Mon, 22 Aug 2005 23:30:12 +0000
Subject: [PATCH] * (bug 3227) Fix SQL injection introduced in experimental code
---
 RELEASE-NOTES | 1 +
 includes/EditPage.php | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 988bf2481a..1a2d7ef738 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -44,6 +44,7 @@ Misc work going on.....
 * (bug 3216) Don't show empty warning page when no warnings.
 * (bug 3218) Use proper quoting on history Compare Revisions button
 * (bug 3220) Fix escaping of block URLs in Recentchanges
+* (bug 3227) Fix SQL injection introduced in experimental code
 === Caveats ===
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 827740b841..df6d3a29cd 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -949,10 +949,10 @@ END
 'log_comment', 'log_params', 'user_name', ),
- array( 'log_namespace="' . $this->mTitle->getNamespace() . '"',
- 'log_title="' . $this->mTitle->getDBkey() . '"',
- 'log_type="delete"',
- 'log_action="delete"',
+ array( 'log_namespace' => $this->mTitle->getNamespace(),
+ 'log_title' => $this->mTitle->getDBkey(),
+ 'log_type' => 'delete',
+ 'log_action' => 'delete',
 'user_id=log_user' ), $fname, array( 'LIMIT' => 1, 'ORDER BY' => 'log_timestamp DESC' ) );
-- 
2.20.1
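Review bot: The last entry of the conditions array in the includes/EditPage.php hunk, `'user_id=log_user'`, is still a bare string, so it is passed through as raw SQL while the four `key => value` entries above it are presumably quoted by the database wrapper. That is fine for a constant join condition, but nothing at the call site says so. I would add a comment above the array, e.g. `// key => value pairs are quoted by the DB layer; the bare string is a raw join condition - constants only`, so a later edit does not concatenate a title or namespace into a condition string again. The call's opening line and the enclosing function lie outside the hunk, so whether other conditions in this experimental block are built by concatenation cannot be checked from here.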