From 2f2782ed1e1afe1c19f8571a3aa7216157832480 Mon Sep 17 00:00:00 2001 From: 3D-I <480857+3D-I@users.noreply.github.com> Date: Fri, 15 Jan 2021 13:39:12 +0100 Subject: [PATCH] [ticket/16685] Fix SQL error in ACP for DB name if not correctly escaped PHPBB3-16685 --- phpBB/includes/functions_admin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 6774d8dc8d..5bcad7b11d 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2847,7 +2847,7 @@ function get_database_size() $database_size = 0; $sql = 'SHOW TABLE STATUS - FROM ' . $db_name; + FROM ' . $db->sql_quote($db_name); $result = $db->sql_query($sql, 7200); while ($row = $db->sql_fetchrow($result))