From 9f3de99946cb8bc99d24263cad2f1956f3f8de40 Mon Sep 17 00:00:00 2001
From: Leendert Bottelberghs <bottelberghs@webgui-cvs>
Date: Thu, 12 Aug 2004 12:53:11 +0000
Subject: [PATCH] Added missing quotes in SQL queries.

---
 lib/WebGUI/Forum/UI.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/WebGUI/Forum/UI.pm b/lib/WebGUI/Forum/UI.pm
index 29abfb04a..520b82ccd 100644
--- a/lib/WebGUI/Forum/UI.pm
+++ b/lib/WebGUI/Forum/UI.pm
@@ -1096,7 +1096,7 @@ sub getForumTemplateVars {
         $var{"thread.replies.label"} = WebGUI::International::get(1016);
 	$var{'thread.rating.label'} = WebGUI::International::get(1020);
         $var{"thread.last.label"} = WebGUI::International::get(1017);
-	my $query = "select * from forumThread where forumId=".$forum->get("forumId")." and ";
+	my $query = "select * from forumThread where forumId=".quote($forum->get("forumId"))." and ";
 	if ($forum->isModerator) {
 		$query .= "(status='approved' or status='pending')";
 	} else {