Disable hack to Database::escape_string() to avoid SQL injections - partial - refs #7440

main/inc/lib/database.lib.php

@@ -472,9 +472,11 @@ class Database
     {
         // Fixes security problem when there's no "" or '' between a variable.
         // See #7440 for more info
+        /*
         if ($addFix) {
             $string = "__@$string@__";
         }
+        */
         return get_magic_quotes_gpc()
             ? (self::use_default_connection($connection)
                 ? mysql_real_escape_string(stripslashes($string))
@@ -748,7 +750,7 @@ class Database
             $connection = null;
         }
 
-        $query = self::fixQuery($query);
+        //$query = self::fixQuery($query);
 
         // Check if the table contains a c_ (means a course id)
         if (api_get_setting('server_type') === 'test' && strpos($query, 'c_')) {