From 3a4b57ef52c8002197d215413ec857f72f8387cf Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Thu, 27 May 2010 18:32:00 +0200
Subject: [PATCH] Database::escape_string added

---
 main/inc/lib/fileManage.lib.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/main/inc/lib/fileManage.lib.php b/main/inc/lib/fileManage.lib.php
index 2c6a87d13d..a8bbbc32c8 100755
--- a/main/inc/lib/fileManage.lib.php
+++ b/main/inc/lib/fileManage.lib.php
@@ -30,6 +30,7 @@ function update_db_info($action, $old_path, $new_path = '') {
         	$query = "DELETE FROM `$dbTable`
     		WHERE path='".$old_path."' OR path LIKE '".$old_path."/%'";
         */
+        $old_path = Database::escape_string($old_path);
         $to_delete = "WHERE path LIKE BINARY '".$old_path."' OR path LIKE BINARY '".$old_path."/%'";
         $query = "DELETE FROM $dbTable " . $to_delete;
 
@@ -65,6 +66,7 @@ function update_db_info($action, $old_path, $new_path = '') {
 		//WHERE path = '".$old_path."' OR path LIKE '".$old_path."/%'";
 
 		// Attempt to update	- tested & working for root	dir
+		$new_path = Database::escape_string($new_path);
 		$query = "UPDATE $dbTable
 		SET path = CONCAT('".$new_path."', SUBSTRING(path, LENGTH('".$old_path."')+1) )
 		WHERE path LIKE BINARY '".$old_path."' OR path LIKE BINARY '".$old_path."/%'";