From 255ac6220c3b001130a7c9b4af566d4b12f37892 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov" <faf@ossg.ru>
Date: Mon, 28 Oct 2013 15:54:46 +0400
Subject: [PATCH] Secure database tables prefix

---
 src/mibew/libs/classes/database.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/mibew/libs/classes/database.php b/src/mibew/libs/classes/database.php
index 0f90cc90..7180be97 100644
--- a/src/mibew/libs/classes/database.php
+++ b/src/mibew/libs/classes/database.php
@@ -169,13 +169,14 @@ Class Database{
 
 		// Create database instance
 		$instance = new Database();
+
 		// Set database and connection properties
 		$instance->dbHost = $host;
 		$instance->dbLogin = $user;
 		$instance->dbPass = $pass;
 		$instance->dbName = $db;
 		$instance->dbEncoding = $encoding;
-		$instance->tablesPrefix = $prefix;
+		$instance->tablesPrefix = preg_replace('/[^A-Za-z0-9_$]/', '', $prefix);
 		$instance->forceCharsetInConnection = $force_charset;
 		$instance->usePersistentConnection = $use_pconn;