author | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-04-27 20:38:49 +0000 |
---|---|---|
committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-04-27 20:38:49 +0000 |
commit | ca9293b3ee13390349521c83e9bb175d4c95009a (patch) | |
tree | debef15b02910bf824a0ecc954918ee5503e89e8 | |
parent | b176270018c34fbb3e41e383c0643b318a8d7d11 (diff) | |
#54981: calls to db_lock_table in bootstrap.inc do not use db_prefix
-rw-r--r-- | includes/database.inc | 9 | ||||
-rw-r--r-- | includes/database.mysql.inc | 2 | ||||
-rw-r--r-- | includes/database.mysqli.inc | 2 | ||||
-rw-r--r-- | includes/database.pgsql.inc | 2 |
4 files changed, 12 insertions, 3 deletions
diff --git a/includes/database.inc b/includes/database.inc
index 548e310e5..987adbc28 100644
--- a/includes/database.inc
+++ b/includes/database.inc
@@ -316,6 +316,15 @@ function db_rewrite_sql($query, $primary_table = 'n', $primary_field = 'nid', $
 }
 /**
+ * Restrict a dynamic tablename to safe characters.
+ *
+ * Only keeps alphanumeric and underscores.
+ */
+function db_escape_table($string) {
+ return preg_replace('/[^A-Za-z0-9_]+/', '', $string);
+}
+
+/**
 * @} End of "defgroup database".
 */
diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc
index 03e9eb21d..037106b0a 100644
--- a/includes/database.mysql.inc
+++ b/includes/database.mysql.inc
@@ -353,7 +353,7 @@ function db_escape_string($text) {
 * Lock a table.
 */
 function db_lock_table($table) {
- db_query('LOCK TABLES {%s} WRITE', $table);
+ db_query('LOCK TABLES {'. db_escape_table($table) .'} WRITE');
 }
 /**
diff --git a/includes/database.mysqli.inc b/includes/database.mysqli.inc
index 9d5cf71d1..97a4daf2a 100644
--- a/includes/database.mysqli.inc
+++ b/includes/database.mysqli.inc
@@ -355,7 +355,7 @@ function db_escape_string($text) {
 * Lock a table.
 */
 function db_lock_table($table) {
- db_query('LOCK TABLES {%s} WRITE', $table);
+ db_query('LOCK TABLES {'. db_escape_table($table) .'} WRITE');
 }
 /**
diff --git a/includes/database.pgsql.inc b/includes/database.pgsql.inc
index 007d825a0..dc8d081db 100644
--- a/includes/database.pgsql.inc
+++ b/includes/database.pgsql.inc
@@ -331,7 +331,7 @@ function db_escape_string($text) {
 * This function automatically starts a transaction.
 */
 function db_lock_table($table) {
- db_query('BEGIN; LOCK TABLE {%s} IN EXCLUSIVE MODE', $table);
+ db_query('BEGIN; LOCK TABLE {'. db_escape_table($table) .'} IN EXCLUSIVE MODE');
 }
 /** |
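Review bot: db_escape_table() in includes/database.inc deletes disallowed characters instead of rejecting the name, and its docblock does not say so: a name containing anything outside `[A-Za-z0-9_]` silently becomes a different identifier, and a name made only of such characters becomes the empty string, which the callers then splice between `{` and `}`. The docblock should state that contract and document the argument and result, for example `@param $string The raw table name.` and `@return The name with every character outside A-Z, a-z, 0-9 and _ removed; may be empty.` Whether an empty or altered name should instead be treated as an error is worth deciding here, since the three db_lock_table() implementations in this commit rely on this function as their only filter.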
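Review bot: db_lock_table() in includes/database.mysql.inc now builds the statement by string concatenation and calls db_query() with no arguments, yet nothing in the function records why the `%s` placeholder was dropped or that db_escape_table() is the only filter on `$table`. A one-line comment above the call would keep a later cleanup from restoring the placeholder or removing the filter, e.g. `// Name is concatenated so {} prefixing sees the real table; db_escape_table() is the only sanitisation.` The prefixing rationale is inferred from the commit title and should be confirmed before it is written down. The same applies to the hunks in includes/database.mysqli.inc and includes/database.pgsql.inc; in each, the function's docblock opens above the hunk.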