From b1bfb70c13553dbacf6810f7f9e77e4fba756886 Mon Sep 17 00:00:00 2001
From: Adam Zammit <adam.zammit@acspri.org.au>
Date: Wed, 3 Apr 2013 14:37:08 +1100
Subject: [PATCH] Use qstr for operator id to allow for special characters

---
 functions/functions.operator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions/functions.operator.php b/functions/functions.operator.php
index 60787269..d854af02 100644
--- a/functions/functions.operator.php
+++ b/functions/functions.operator.php
@@ -800,7 +800,7 @@ function get_operator_id()
 
 	$sql = "SELECT operator_id
 		FROM operator
-		WHERE username = '{$_SERVER['PHP_AUTH_USER']}'
+		WHERE username = " . $db->qstr($_SERVER['PHP_AUTH_USER']) . "
 		AND enabled = 1";
 
 	$o = $db->GetRow($sql);