From d5b3f25de9b327a9b6fd002d05726e9680dd4c14 Mon Sep 17 00:00:00 2001
From: Thomas Gelf <thomas@gelf.net>
Date: Mon, 23 May 2016 15:40:12 +0200
Subject: [PATCH] Db: quote data before passing to pgsql

---
 library/Director/Db.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/library/Director/Db.php b/library/Director/Db.php
index 5217d467..9addeb3e 100644
--- a/library/Director/Db.php
+++ b/library/Director/Db.php
@@ -273,7 +273,9 @@ class Db extends DbConnection
     public function fetchActivityLogIdByChecksum($checksum)
     {
         $sql = 'SELECT id FROM director_activity_log WHERE checksum = ?';
-        return $this->db()->fetchOne($sql, $this->quoteBinary($checksum));
+        return $this->db()->fetchOne(
+            $this->db()->quoteInto($sql,  $this->quoteBinary($checksum))
+        );
     }
 
     public function fetchActivityLogEntry($checksum)