Added addslashes() to check for existing users, because some characters

can break the query (old users containing ', for example).

diff --git a/backup/restorelib.php b/backup/restorelib.php
index f2cb989a4be3c1bf428145119699a3740cde1d06..0c1ac79bbe61b57ed6d98cc58c0ada490f44fb6c 100644 (file)
--- a/backup/restorelib.php
+++ b/backup/restorelib.php
@@ -513,7 +513,7 @@
                 $newid=null;
                 //check if it exists (by username) and get its id
                 $user_exists = true;
-                $user_data = get_record("user","username",$user->username);
+                $user_data = get_record("user","username",addslashes($user->username));
                 if (!$user_data) {
                     $user_exists = false;
                 } else {