Properly escape SQL table.

e2f99d4e · Larry Garfield · Alex Bronstein · 07a81f6d · e2f99d4e
Commit e2f99d4e authored 12 years ago by Larry Garfield Committed by Alex Bronstein 12 years ago
--- a/core/lib/Drupal/Core/Routing/PathMatcher.php
+++ b/core/lib/Drupal/Core/Routing/PathMatcher.php
@@ -62,7 +62,7 @@ public function matchRequestPartial(Request $request) {

    $ancestors = $this->getCandidateOutlines($parts);

-    $routes = $this->connection->query("SELECT name, route FROM {{$this->tableName}} WHERE pattern_outline IN (:patterns) ORDER BY fit", array(
+    $routes = $this->connection->query("SELECT name, route FROM {" . $this->connection->escapeTable($this->tableName) . "} WHERE pattern_outline IN (:patterns) ORDER BY fit", array(
      ':patterns' => $ancestors,
    ))
    ->fetchAllKeyed();