CRM-14676 - need to escape names before inserting into prev_next_cache

----------------------------------------
* CRM-14676: Inserting values into civicrm_prevnext_cache fails to properly escape names
  https://issues.civicrm.org/jira/browse/CRM-14676

diff --git a/CRM/Contact/Selector.php b/CRM/Contact/Selector.php
index aa040d8e9b2c24a2500058773b7f8d8092f279ed..ad3f6f119b2216522acfc11037052d98895d2103 100644 (file)
--- a/CRM/Contact/Selector.php
+++ b/CRM/Contact/Selector.php
@@ -964,7 +964,7 @@ SELECT 'civicrm_contact', contact_a.id, contact_a.id, '$cacheKey', contact_a.dis
     // build insert query, note that currently we build cache for 500 contact records at a time, hence below approach
     $insertValues = array();
     while($dao->fetch()) {
-      $insertValues[] = "('civicrm_contact', {$dao->contact_id}, {$dao->contact_id}, '{$cacheKey}', '{$dao->sort_name}')";
+      $insertValues[] = "('civicrm_contact', {$dao->contact_id}, {$dao->contact_id}, '{$cacheKey}', '" . CRM_Core_DAO::escapeString($dao->sort_name) . "')";
     }
 
     //update pre/next cache using single insert query