From 4cb3f5126c41933427d69face23047543d86f7a8 Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Tue, 16 Feb 2021 13:45:23 -0800
Subject: [PATCH] (security/core#105) Joomla::authenticate() - Fix escaping
---
 CRM/Utils/System/Joomla.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CRM/Utils/System/Joomla.php b/CRM/Utils/System/Joomla.php
index 14245c28a8..18637f3c1c 100644
--- a/CRM/Utils/System/Joomla.php
+++ b/CRM/Utils/System/Joomla.php
@@ -342,7 +342,7 @@ class CRM_Utils_System_Joomla extends CRM_Utils_System_Base {
 $query = $db->getQuery(TRUE);
 $query->select('id, name, username, email, password');
 $query->from($JUserTable->getTableName());
- $query->where('(LOWER(username) = LOWER(\'' . $name . '\')) AND (block = 0)');
+ $query->where('(LOWER(username) = LOWER(' . $db->quote($name) . ')) AND (block = 0)');
 $db->setQuery($query, 0, 0);
 $users = $db->loadObjectList();
-- 
2.25.1
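Review bot: The new `$query->where(...)` line has no comment saying why `$db->quote()` is mandatory, and the patch adds no regression test, so a later refactor could quietly go back to concatenating `$name` raw. I would add `// $name is caller-supplied (presumably the submitted login name); it must go through $db->quote() before being concatenated into SQL.` directly above the `where()` call. A test that calls authenticate() with a username containing a single quote, and asserts that no user row is returned and the query does not error, would pin the fix. The body of authenticate() starts and ends outside this hunk, so any other query in the function that uses `$name` or the password should be checked for the same treatment.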