From: Sarah Hoffmann <lonvia@denofr.de>
Date: Thu, 5 Oct 2017 22:26:00 +0000 (+0200)
Subject: Merge remote-tracking branch 'upstream/master'
X-Git-Tag: deploy~364
X-Git-Url: https://git.openstreetmap.org/nominatim.git/commitdiff_plain/819b858ba70fa01484ec8547f3f34b654aa4181c?hp=130f904b90dd8508a210c89f2f2cd76056adc397

Merge remote-tracking branch 'upstream/master'
---

diff --git a/lib/Geocode.php b/lib/Geocode.php
index a2baa8ea..ac92257f 100644
--- a/lib/Geocode.php
+++ b/lib/Geocode.php
@@ -1061,7 +1061,7 @@ class Geocode
                     continue;
                 }
 
-                $sToken = chksql($this->oDB->getOne("SELECT make_standard_name('".$aSpecialTerm[1]."') AS string"));
+                $sToken = chksql($this->oDB->getOne("SELECT make_standard_name('".pg_escape_string($aSpecialTerm[1])."') AS string"));
                 $sSQL = 'SELECT * ';
                 $sSQL .= 'FROM ( ';
                 $sSQL .= '   SELECT word_id, word_token, word, class, type, country_code, operator';