From c86acbf3ed49f69cf38b31879886dd5eb86b6983 Mon Sep 17 00:00:00 2001
From: William Desportes
Date: Wed, 1 Jan 2020 13:54:59 +0100
Subject: [PATCH] Fix sql injection in user exists request

Signed-off-by: William Desportes
---
 libraries/classes/Server/Privileges.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/classes/Server/Privileges.php b/libraries/classes/Server/Privileges.php
index c731bdcc9334..0e3e4a9fa3d1 100644
--- a/libraries/classes/Server/Privileges.php
+++ b/libraries/classes/Server/Privileges.php
@@ -3067,7 +3067,7 @@ public static function getExtraDataForAjaxBehavior(
         if (isset($_GET['validate_username'])) {
             $sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '"
-                . $_GET['username'] . "';";
+                . $GLOBALS['dbi']->escapeString($_GET['username']) . "';";
             $res = $GLOBALS['dbi']->query($sql_query);
             $row = $GLOBALS['dbi']->fetchRow($res);
             if (empty($row)) {
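Review bot: The added `escapeString()` call closes the injection only as long as the value stays inside the single-quoted literal it is concatenated into, so the statement is still hand-built and the protection depends on the escaping matching the connection's character set; if the DBI layer offers a parameterised query path, binding `$_GET['username']` there would remove that dependency, otherwise a comment on the `$sql_query` line should state that `escapeString` is the control here and must not be dropped. `$_GET['username']` is also passed without checking that it is a string — a `username[]=` request yields an array, which the escape helper presumably does not handle cleanly (confirm against its signature), so a guard such as `if (!is_string($_GET['username'] ?? null)) { ... }` ahead of the query is worth adding. The query also pulls the whole `mysql.user` row with `SELECT *` only to test for existence; `SELECT 1 FROM ...` limits what credential data is read into the application for this check. getExtraDataForAjaxBehavior starts and ends outside the hunk.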