From 4edab80a15cad1a479d110f6b7e782e1b434763d Mon Sep 17 00:00:00 2001
From: Rafael Bodill <rafi@sortex.co.il>
Date: Sun, 28 Sep 2014 20:23:13 +0300
Subject: file/cron: Protecting identifiers

---
 application/controllers/file.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/application/controllers/file.php b/application/controllers/file.php
index ddb7a38cf..329a0bdf7 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -1004,7 +1004,8 @@ class File extends MY_Controller {
 		$query = $this->db->select('hash, id, user')
 			->from('files')
 			->where('date <', $oldest_time)
-			->or_where("(user = 0 AND date < $oldest_session_time)")
+			->or_where('('.$this->db->_protect_identifiers('user').' = 0 AND '
+									.$this->db->_protect_identifiers('date')." < $oldest_session_time)")
 			->get()->result_array();
 
 		foreach($query as $row) {
-- 
cgit v1.2.3-24-g4f1b