From bed7d8cee603a86cbd8b2e7f3656f4891204f9a2 Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Sun, 5 Dec 2010 05:30:37 +0000
Subject: [PATCH] BUGFIX Escaping $locale values in Translatable->augmentSQL()
 in addition to the i18n::validate_locale() input validation (from r114515)
 (from r114516)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114517 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 core/model/Translatable.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/model/Translatable.php b/core/model/Translatable.php
index ef03d8e72..1d1e1a6c0 100755
--- a/core/model/Translatable.php
+++ b/core/model/Translatable.php
@@ -475,7 +475,7 @@ class Translatable extends DataObjectDecorator {
 			&& !preg_match('/("|\')Lang("|\')/', $query->getFilter())
 			//&& !$query->filtersOnFK()
 		)  {
-			$qry = sprintf('`%s`.`Locale` = \'%s\'', $baseTable, $locale);
+			$qry = sprintf('`%s`.`Locale` = \'%s\'', $baseTable, Convert::raw2sql($locale));
 			$query->where[] = $qry; 
 		}
 	}