Replace addslashes with Database::addQuotes()

diff --git a/includes/db/Database.php b/includes/db/Database.php
index 174b8f2..8f19635 100644 (file)
--- a/includes/db/Database.php
+++ b/includes/db/Database.php
@@ -2478,7 +2478,7 @@ abstract class DatabaseBase implements DatabaseType {
                // Ordinary variables
                foreach ( $varnames as $var ) {
                        if ( isset( $GLOBALS[$var] ) ) {
-                               $val = addslashes( $GLOBALS[$var] ); // FIXME: safety check?
+                               $val = $this->addQuotes( $GLOBALS[$var] ); // FIXME: safety check?
                                $ins = str_replace( '{$' . $var . '}', $val, $ins );
                                $ins = str_replace( '/*$' . $var . '*/`', '`' . $val, $ins );
                                $ins = str_replace( '/*$' . $var . '*/', $val, $ins );

diff --git a/includes/db/DatabaseOracle.php b/includes/db/DatabaseOracle.php
index be974d6..42b798e 100644 (file)
--- a/includes/db/DatabaseOracle.php
+++ b/includes/db/DatabaseOracle.php
@@ -1348,7 +1348,7 @@ class DatabaseOracle extends DatabaseBase {
                // Ordinary variables
                foreach ( $varnames as $var ) {
                        if ( isset( $GLOBALS[$var] ) ) {
-                               $val = addslashes( $GLOBALS[$var] ); // FIXME: safety check?
+                               $val = $this->addQuotes( $GLOBALS[$var] ); // FIXME: safety check?
                                $ins = str_replace( '{$' . $var . '}', $val, $ins );
                                $ins = str_replace( '/*$' . $var . '*/`', '`' . $val, $ins );
                                $ins = str_replace( '/*$' . $var . '*/', $val, $ins );