From 4982167e711d8eb66df409f8b33d7ec43a6a9838 Mon Sep 17 00:00:00 2001
From: Rob Clayburn <rob@pollen-8.co.uk>
Date: Tue, 20 Sep 2011 17:20:33 +0800
Subject: [PATCH] replacing hardwired quotes with db->Quote call for element
 AES_DECRYPT in getAsField_html

---
 components/com_fabrik/models/element.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/com_fabrik/models/element.php b/components/com_fabrik/models/element.php
index 2dce0e6e90c..2953083f14d 100644
--- a/components/com_fabrik/models/element.php
+++ b/components/com_fabrik/models/element.php
@@ -359,14 +359,14 @@ function getAsField_html(&$aFields, &$aAsFields, $opts = array())
 		$k = $db->nameQuote($dbtable).".".$db->nameQuote($this->_element->name);
 		$secret = JFactory::getConfig()->getValue('secret');
 		if ($this->encryptMe()) {
-			$k = "AES_DECRYPT($k, '".$secret."')";
+			$k = "AES_DECRYPT($k, ".$db->Quote($secret).")";
 		}
 
 		if ($this->isJoin()) {
 
 			$jkey = $this->_element->name;
 			if ($this->encryptMe()) {
-				$jkey = "AES_DECRYPT($jkey, '".$secret."')";
+				$jkey = "AES_DECRYPT($jkey, ".$db->Quote($secret).")";
 			}
 			$jointable = $this->getJoinModel()->getJoin()->table_join;
 			$fullElName = JArrayHelper::getValue($opts, 'alias', $db->nameQuote("$jointable" . "___" . $this->_element->name));
@@ -384,7 +384,7 @@ function getAsField_html(&$aFields, &$aAsFields, $opts = array())
 			}
 			$k = $db->nameQuote($dbtable).".".$db->nameQuote($this->_element->name);
 			if ($this->encryptMe()) {
-				$k = "AES_DECRYPT($k, '".$secret."')";
+				$k = "AES_DECRYPT($k, ".$db->Quote($secret).")";
 			}
 
 			if ($this->isJoin()) {