From 655325e627d5008da8df59bf665768af91c1cd49 Mon Sep 17 00:00:00 2001
From: oesi <oesi@technikum-wien.at>
Date: Fri, 30 Oct 2015 14:28:06 +0100
Subject: [PATCH] =?UTF-8?q?Parameter=20User=20f=C3=BCr=20Filter=20gequotet?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 include/filter.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/filter.class.php b/include/filter.class.php
index e83d8ef1f..ed6076f10 100644
--- a/include/filter.class.php
+++ b/include/filter.class.php
@@ -184,7 +184,7 @@ class filter extends basis_db
 						$html.=$filter->htmlattr;
 						$html.=' >';
 						$user = get_uid();
-						$sql = str_replace('$user', $user, $filter->sql);
+						$sql = str_replace('$user', $this->db_add_param($user), $filter->sql);
 						$this->loadValues($sql, $filter->valuename, $filter->showvalue);
 						foreach ($this->values as $value)
 							$html.="\n\t\t\t\t".'<option value="'.$value->value.'">'.$value->text.'</option>';