From fe61abc3cdfc011945598dd17932aecb335bbe1a Mon Sep 17 00:00:00 2001
From: Tim DeLong
Date: Wed, 30 Dec 2015 11:42:49 -0500
Subject: [PATCH] * AddReport's who and against strings were not being escaped properly.
---
 common/database.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/database.cpp b/common/database.cpp
index b8ea025ae..dcc3fbe77 100644
--- a/common/database.cpp
+++ b/common/database.cpp
@@ -1564,7 +1564,7 @@ void Database::AddReport(std::string who, std::string against, std::string lines
 char *escape_str = new char[lines.size()*2+1];
 DoEscapeString(escape_str, lines.c_str(), lines.size());
- std::string query = StringFormat("INSERT INTO reports (name, reported, reported_text) VALUES('%s', '%s', '%s')", who.c_str(), against.c_str(), escape_str);
+ std::string query = StringFormat("INSERT INTO reports (name, reported, reported_text) VALUES('%s', '%s', '%s')", EscapeString(who).c_str(), EscapeString(against).c_str(), escape_str);
 QueryDatabase(query);
 safe_delete_array(escape_str);
 }
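Review bot: The new query line leaves `lines` on a different escaping path from the two strings it fixes: `who` and `against` now go through `EscapeString`, while `lines` still relies on the hand-managed `new char[lines.size()*2+1]` buffer, `DoEscapeString`, and a trailing `safe_delete_array` that is skipped (leaking the buffer) if `StringFormat` or `QueryDatabase` throws in between. If `EscapeString` wraps the same `DoEscapeString` logic (it appears to return a `std::string`, given the `.c_str()` calls, but its body is not in the hunk), all three parameters can be escaped uniformly as `std::string query = StringFormat("INSERT INTO reports (name, reported, reported_text) VALUES('%s', '%s', '%s')", EscapeString(who).c_str(), EscapeString(against).c_str(), EscapeString(lines).c_str());` and the raw buffer allocation, the `DoEscapeString` call and the `safe_delete_array` line dropped. Escaping values into a format-built query is still only as safe as the escape routine's agreement with the connection's character set; a parameterized/prepared statement would remove that dependency if the database layer offers one. AddReport's signature and opening brace are above the hunk, so the function starts outside it.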