From 85a7a306ffdccfb097da081db0f0fa2bc06f177d Mon Sep 17 00:00:00 2001
From: Christophe Romain <christophe.romain@process-one.net>
Date: Fri, 2 Feb 2007 10:58:40 +0000
Subject: [PATCH] security bugfix

SVN Revision: 718
---
 src/mod_roster_odbc.erl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/mod_roster_odbc.erl b/src/mod_roster_odbc.erl
index 9509cc68c..b3ffa819e 100644
--- a/src/mod_roster_odbc.erl
+++ b/src/mod_roster_odbc.erl
@@ -821,12 +821,13 @@ record_to_string(#roster{us = {User, _Server},
 	       in	   -> "I";
 	       none	   -> "N"
 	   end,
+    SAskMessage = ejabberd_odbc:escape(AskMessage),
     ["'", Username, "',"
      "'", SJID, "',"
      "'", Nick, "',"
      "'", SSubscription, "',"
      "'", SAsk, "',"
-     "'", AskMessage, "',"
+     "'", SAskMessage, "',"
      "'N', '', 'item'"].
 
 groups_to_string(#roster{us = {User, _Server},