From 21b7b898fa3d15eb1e0d392882269c5f3b8e8546 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Thu, 20 Nov 2014 11:04:22 -0800
Subject: [PATCH] web: fix SQL injection vulnerability
---
 html/inc/boinc_db.inc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/html/inc/boinc_db.inc b/html/inc/boinc_db.inc
index bf2d1710c4..997ab73c08 100644
--- a/html/inc/boinc_db.inc
+++ b/html/inc/boinc_db.inc
@@ -311,6 +311,7 @@ class BoincResult {
 }
 static function lookup_name($name) {
 $db = BoincDb::get();
+ $name = BoincDb::escape_string($name);
 return $db->lookup('result', 'BoincResult', "name='$name'");
 }
 function delete() {
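Review bot: The new escaping in `lookup_name` still feeds a WHERE clause built by interpolation (`"name='$name'"`), so the fix is only as strong as `BoincDb::escape_string`, whose implementation is outside this hunk. Confirm that it escapes against the live connection and its character set rather than using a connection-independent routine. Because the escape now happens inside the method, any caller that already escapes `$name` will double-escape and silently get no match, so the contract should be stated on the method, for example `// $name is taken raw (possibly from request input) and escaped here; callers must not pre-escape`. The rest of `BoincResult` and the other lookup helpers in this file are not visible here; any that pass caller-supplied strings into `lookup()` clauses presumably need the same treatment, or a bound-parameter variant of `lookup()` would remove the need to escape at each site.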