From a10b3ade4d3d60e9ddc11c2ab6dc011656e6b93c Mon Sep 17 00:00:00 2001
From: defacer
Date: Thu, 9 Sep 2004 10:56:57 +0000
Subject: [PATCH] addslashes() on messages from users before inserting into db.
---
 mod/chat/chatd.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/mod/chat/chatd.php b/mod/chat/chatd.php
index 5d9f8a92d24b1..f940efe49a28a 100755
--- a/mod/chat/chatd.php
+++ b/mod/chat/chatd.php
@@ -408,9 +408,16 @@ function dispatch_sidekick($handle, $type, $sessionid, $customdata) {
 break;
 }
+ // A slight hack to prevent malformed SQL inserts
+ $origmsg = $msg->message;
+ $msg->message = addslashes($msg->message);
+
 // Commit to DB
 insert_record('chat_messages', $msg);
+ // Undo the hack
+ $msg->message = $origmsg;
+
 // OK, now push it out to all users
 $this->message_broadcast($msg, $this->sets_info[$sessionid]['user']);
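Review bot: Only `$msg->message` is quoted before `insert_record('chat_messages', $msg)`, and it is quoted with `addslashes()`, which knows nothing about the database connection or its character set, so this stops the malformed insert for one field but is not a dependable SQL-injection defence. Any other client-supplied string fields on `$msg` would still reach the statement unescaped, assuming `insert_record` builds its SQL by concatenation (its body is not in this hunk). The quoting belongs inside the DB layer, using the driver's own escaping routine or bound parameters, so that no caller can forget it. If the call-site fix stays, escape a copy rather than mutating and restoring the object that is later broadcast, e.g. `$dbmsg = clone $msg; $dbmsg->message = addslashes($msg->message); insert_record('chat_messages', $dbmsg);` (plain assignment copies the object on PHP 4). That way no later edit between the two assignments can send the slashed text to `message_broadcast`; the enclosing function starts and ends outside the hunk.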