From 40df1aeabe36f7c5539f0571c96574a067c408d3 Mon Sep 17 00:00:00 2001
From: "Michael J. Rubinsky"
Date: Thu, 18 Mar 2010 12:54:37 -0400
Subject: [PATCH] Properly quote the search term. Bug: 8919
---
 ansel/lib/Storage.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ansel/lib/Storage.php b/ansel/lib/Storage.php
index 901899fc7..4c791de56 100644
--- a/ansel/lib/Storage.php
+++ b/ansel/lib/Storage.php
@@ -1162,7 +1162,8 @@ class Ansel_Storage
 {
 $sql = 'SELECT DISTINCT image_location, image_latitude, image_longitude FROM ansel_images WHERE LENGTH(image_location) > 0';
 if (strlen($search)) {
- $sql .= ' AND image_location LIKE "' . $search . '%"';
+ $sql .= ' AND image_location LIKE "' . $GLOBALS['ansel_db']->quote("$search%");
+
 }
 Horde::logMessage(sprintf("SQL QUERY BY Ansel_Storage::searchLocations: %s", $sql), 'DEBUG');
 $results = $this->_db->query($sql);
--
2.11.0
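Review bot: The added line keeps the opening `"` inside the literal `' AND image_location LIKE "'`, so the value returned by `quote()` is appended after a stray, never-closed double quote and the generated statement is malformed; the line should read `$sql .= ' AND image_location LIKE ' . $GLOBALS['ansel_db']->quote("$search%");`. The term is quoted through `$GLOBALS['ansel_db']` while the query runs on `$this->_db` two lines later; if these can ever be different connections, quoting should come from the handle that executes the statement so the escaping rules match the driver. `quote()` presumably escapes only the string delimiters, so `%` and `_` typed by the user would still act as LIKE wildcards; if a literal prefix match is intended, escape them before appending the trailing `%`. The enclosing method starts and ends outside the hunk, so how `$search` reaches this point is not visible here.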