fix sql injection vulnerability

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4878 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/privmsg.php

@@ -212,7 +212,7 @@ else if ( $mode == 'read' )
 			break;
 		case 'savebox':
 			$l_box_name = $lang['Savebox'];
-			$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
+			$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
 					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) 
 				OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
 					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )