From 92e1cd86a6c4691a0aac7c90a92ac0cd965ea068 Mon Sep 17 00:00:00 2001
From: Yannick Warnier
Date: Thu, 29 Nov 2007 06:16:46 +0100
Subject: [PATCH] [svn r13847] Minor - Added a bit of filtering against SQL injection in get_all_document_data()
---
 main/inc/lib/document.lib.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/main/inc/lib/document.lib.php b/main/inc/lib/document.lib.php
index 9b8eb95ca2..77bbf8163a 100644
--- a/main/inc/lib/document.lib.php
+++ b/main/inc/lib/document.lib.php
@@ -500,7 +500,9 @@ class DocumentManager
 }
 //escape underscores in the path so they don't act as a wildcard
- $path = str_replace('_', '\_', $path);
+ $path = Database::escape_string(str_replace('_', '\_', $path));
+ $to_user_id = Database::escape_string($to_user_id);
+ $to_value = Database::escape_string($to_value);
 //if they can't see invisible files, they can only see files with visibility 1
 $visibility_bit = ' = 1';
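Review bot: Database::escape_string() on $to_user_id and $to_value only neutralises quote and backslash characters, so it only protects the query if both values end up inside quoted SQL literals; if $to_user_id is compared against an integer column without quotes, as its name suggests, escaping changes nothing and a cast is the stronger guard, `$to_user_id = (int) $to_user_id;`. The new $path line also deserves a why-comment, because escaping after str_replace turns each `\_` into `\\_` in the SQL text, which is exactly what a LIKE pattern needs for a literal underscore but would break an exact `=` comparison: `// escape after adding the LIKE backslashes: the escaper doubles them so MySQL sees a literal \_`. The enclosing get_all_document_data() starts and ends outside the hunk, so how the three variables are interpolated into the query cannot be confirmed from this diff.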