From d2562a25dfc3213eaad1d902285c8ad4ca2b4a36 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 24 Jan 2026 12:54:31 +0000
Subject: [PATCH] Restore safe connection quoting
Co-authored-by: LeOSW42 <673670+LeOSW42@users.noreply.github.com>
---
 includes/database.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/includes/database.php b/includes/database.php
index 738eca9..b6a76f7 100644
--- a/includes/database.php
+++ b/includes/database.php
@@ -5,10 +5,10 @@ namespace Kabano;
 function sql_connect() {
 global $config;
- $connection = "host='".pg_escape_string((string)$config['SQL_host'])."'"
- ." dbname='".pg_escape_string((string)$config['SQL_db'])."'"
- ." user='".pg_escape_string((string)$config['SQL_user'])."'"
- ." password='".pg_escape_string((string)$config['SQL_pass'])."'";
+ $connection = "host=".sql_escape_connection_value($config['SQL_host'])
+ ." dbname=".sql_escape_connection_value($config['SQL_db'])
+ ." user=".sql_escape_connection_value($config['SQL_user'])
+ ." password=".sql_escape_connection_value($config['SQL_pass']);
 $con = pg_connect($connection);
 if (!$con) {
@@ -20,4 +20,11 @@ function sql_connect() {
 return $con;
 }
 
+function sql_escape_connection_value($value) {
+ $value = (string)$value;
+ $value = str_replace("\0", '', $value);
+ $value = str_replace(['\\', "'"], ['\\\\', "\\'"], $value);
+ return "'".$value."'";
+}
+
 ?>
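Review bot: The new `$connection =` build in sql_connect does not say why it quotes through sql_escape_connection_value instead of pg_escape_string, and the commit title "Restore" suggests this has already been regressed once; add above that line `// libpq connection-string quoting ('...' with backslash escapes), not SQL-literal quoting: pg_escape_string doubles quotes instead and needs a connection that does not exist yet`. The four values are still read as `$config['SQL_host']` etc. with no presence check, so a missing key presumably yields an undefined-index warning and an empty quoted value that only fails later inside pg_connect; checking the keys up front would give a clearer error. sql_connect's body, including the `if (!$con)` branch, continues outside the hunk — if that branch reports `$connection` anywhere, it now carries the quoted password, which is worth confirming.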
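Review bot: sql_escape_connection_value has no return type and no docblock, and the order of the two replacements on the `str_replace(['\\', "'"], ...)` line is load-bearing but uncommented: backslashes must be doubled before quotes are escaped, otherwise the backslash inserted for `'` would itself be doubled. Declare `function sql_escape_connection_value($value): string {` and put `// backslashes first: the backslash added for quotes must not be doubled afterwards` above that line. A short PHPDoc stating that the result is a single-quoted libpq connection-string value (not an SQL literal) would stop the next reader from swapping pg_escape_string back in. The `str_replace("\0", '', $value)` line silently alters the value, so a NUL byte in a configured password connects with a different password than intended; rejecting it, e.g. `if (str_contains($value, "\0")) { throw new \InvalidArgumentException('NUL byte in connection value'); }`, would surface the corruption instead — a judgment call if stripping is deliberate.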