From 4b134dfc9e380bc380f90cb51a9f9d5099a143b8 Mon Sep 17 00:00:00 2001
From: Nathan Gray <nathangray.bsc@gmail.com>
Date: Thu, 1 Apr 2010 20:19:28 +0000
Subject: [PATCH] Extra column check needs to be escaped

---
 etemplate/inc/class.so_sql.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etemplate/inc/class.so_sql.inc.php b/etemplate/inc/class.so_sql.inc.php
index d03bb4678b..108f49e32b 100644
--- a/etemplate/inc/class.so_sql.inc.php
+++ b/etemplate/inc/class.so_sql.inc.php
@@ -1164,7 +1164,7 @@ class so_sql
 		// OR extra column on the end so a null or blank won't block a hit in the main columns
 		if ($extra_col) 
 		{
-			$result .= (strlen($result) ? ' OR ' : ' ') . "$extra_col = $pattern";
+			$result .= (strlen($result) ? ' OR ' : ' ') . "$extra_col = " . $GLOBALS['egw']->db->quote($pattern);
 		}
 
 		$op = 'OR';