From 4b6804eaabe26516069ca16063b9bef45107d9f3 Mon Sep 17 00:00:00 2001
From: Robbie Averill
Date: Mon, 16 Jul 2018 11:22:58 +1200
Subject: [PATCH] [SS-2018-016] Group table name is escaped to prevent possibility of SQL injection
---
 src/Extensions/GroupSubsites.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Extensions/GroupSubsites.php b/src/Extensions/GroupSubsites.php
index 3251a89..2e583f1 100644
--- a/src/Extensions/GroupSubsites.php
+++ b/src/Extensions/GroupSubsites.php
@@ -47,7 +47,7 @@ class GroupSubsites extends DataExtension implements PermissionProvider
 }
 // Migration for Group.SubsiteID data from when Groups only had a single subsite
 $schema = DataObject::getSchema();
- $groupTable = $schema->tableName(Group::class);
+ $groupTable = Convert::raw2sql($schema->tableName(Group::class));
 $groupFields = DB::field_list($groupTable);
 // Detection of SubsiteID field is the trigger for old-style-subsiteID migration
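Review bot: `Convert::raw2sql()` escapes a value for use inside a quoted string literal, which is not the same as quoting an identifier, so the new `$groupTable` line only protects uses that place the name in a literal context. The method body continues outside the hunk, so how `$groupTable` reaches SQL is not visible here. If it is concatenated between identifier quotes further down, identifier escaping is the matching control, e.g. `$groupTableSql = Convert::symbol2sql($schema->tableName(Group::class));` at the point of concatenation. In that case the raw name should still be passed to `DB::field_list()`, so that the lookup sees the real table name rather than an escaped copy. A short comment saying that the name comes from the schema configuration rather than request input would also make clear this is defence in depth.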