From 496972bf95e2ddbf01cb5e50a6a594615744d942 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 12 Mar 2015 09:44:31 +0100
Subject: Fix backtick character handling in sql queries (#1490312)

---
 program/lib/Roundcube/rcube_db_oracle.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'program/lib/Roundcube/rcube_db_oracle.php')

diff --git a/program/lib/Roundcube/rcube_db_oracle.php b/program/lib/Roundcube/rcube_db_oracle.php
index 34e4e69f8..bb033884c 100644
--- a/program/lib/Roundcube/rcube_db_oracle.php
+++ b/program/lib/Roundcube/rcube_db_oracle.php
@@ -155,10 +155,15 @@ class rcube_db_oracle extends rcube_db
             }
         }
 
-        // replace escaped '?' back to normal, see self::quote()
-        $query = str_replace('??', '?', $query);
         $query = rtrim($query, " \t\n\r\0\x0B;");
 
+        // replace escaped '?' and quotes back to normal, see self::quote()
+        $query = str_replace(
+            array('??', self::DEFAULT_QUOTE.self::DEFAULT_QUOTE),
+            array('?', self::DEFAULT_QUOTE),
+            $query
+        );
+
         // log query
         $this->debug($query);
 
-- 
cgit v1.2.3