From a2916d3ce0b3b30813fdac3c669289838e4c5e35 Mon Sep 17 00:00:00 2001
From: Jim Myhrberg
Date: Fri, 26 Feb 2010 22:44:59 +0200
Subject: [PATCH] fixed a odd sql inject issue with ActiveRecord's sql_quote() method
---
 vendor/zynapse/active_record.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vendor/zynapse/active_record.php b/vendor/zynapse/active_record.php
index 1f7e495..fe8682b 100644
--- a/vendor/zynapse/active_record.php
+++ b/vendor/zynapse/active_record.php
@@ -871,7 +871,7 @@ class ActiveRecord {
 if ( ($field == 'integer' || $field == 'decimal') && preg_match('/^[0-9\-\.]+$/', $input) ) {
 return $input;
 } else {
- return "'".addslashes($input)."'";
+ return "'".addslashes(urldecode($input))."'";
 }
 }
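Review bot: Calling `urldecode()` inside the quoting helper, on the changed `return "'".addslashes(urldecode($input))."'";` line, rewrites every value that passes through it: a legitimate `+` becomes a space and any literal `%xx` sequence is altered before storage. The change presumably closes a case where a percent-encoded quote was decoded after escaping, but only one level of encoding is undone here, so a value that is decoded again later is still not covered; decoding belongs once at the request boundary, and the quoting layer should see the final bytes. `addslashes()` is also not aware of the connection character set, so the string branch would be safer using the database driver's own escaping routine or bound parameters. A comment such as `// input must already be fully decoded; escaping is the last step before the query` would record the intended contract. The body of the enclosing method starts above this hunk, so where `$input` and `$field` come from is not visible here.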