From bbcac37e30ef3f168ca50b345fbe075ba77b2bd1 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Wed, 8 Sep 2021 20:24:44 +0200
Subject: [PATCH] [ticket/16870] Ensure to properly escape values when running db:migrate

PHPBB3-16870
---
 phpBB/phpbb/config/db.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/phpBB/phpbb/config/db.php b/phpBB/phpbb/config/db.php
index 4efe0d2810..5c20bb5ec9 100644
--- a/phpBB/phpbb/config/db.php
+++ b/phpBB/phpbb/config/db.php
@@ -170,8 +170,8 @@ class db extends config
 if (!isset($this->config[$key]))
 {
 $sql = 'INSERT INTO ' . $this->table . ' ' . $this->db->sql_build_array('INSERT', array(
- 'config_name' => $key,
- 'config_value' => $new_value,
+ 'config_name' => $this->db->sql_escape($key),
+ 'config_value' => $this->db->sql_escape($new_value),
 'is_dynamic' => ($use_cache) ? 0 : 1));
 $this->db->sql_query($sql);
 }
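Review bot: The two added `$this->db->sql_escape()` calls inside the `INSERT` array look like they escape twice: as far as I know phpBB's `sql_build_array('INSERT', ...)` already quotes and escapes every string value itself, so a key or value containing a quote or backslash would be stored with the escape characters in it and would no longer match the copy kept in `$this->config`. That helper is not visible in this hunk, so please confirm; if it does escape, the injection protection is already in place and the lines should stay as `'config_name' => $key,` and `'config_value' => $new_value,`. If the db:migrate failure came from a non-string value reaching the query builder, a cast such as `'config_value' => (string) $new_value,` would address it without altering the stored data. A regression test that sets a value containing `'` and reads it back from the table would settle which behaviour is correct. The enclosing method starts and ends outside the hunk.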