From 592f8c163727e43c2c4fc1da6a844314ce33ed0c Mon Sep 17 00:00:00 2001
From: Maja Komel <maja.komel@gmail.com>
Date: Tue, 20 Nov 2018 15:28:37 +0100
Subject: [PATCH] FIX: escape sso_secret string when migrating to
 sso_provider_secret (#6634)

---
 ...0181005084357_add_sso_provider_secrets_to_site_settings.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/db/migrate/20181005084357_add_sso_provider_secrets_to_site_settings.rb b/db/migrate/20181005084357_add_sso_provider_secrets_to_site_settings.rb
index 4e95023b430..b1c7b421a2e 100644
--- a/db/migrate/20181005084357_add_sso_provider_secrets_to_site_settings.rb
+++ b/db/migrate/20181005084357_add_sso_provider_secrets_to_site_settings.rb
@@ -2,8 +2,10 @@ class AddSsoProviderSecretsToSiteSettings < ActiveRecord::Migration[5.2]
   def up
     return unless SiteSetting.enable_sso_provider && SiteSetting.sso_secret.present?
     sso_secret = SiteSetting.sso_secret
+    sso_secret_insert = ActiveRecord::Base.connection.quote("*|#{sso_secret}")
+
     execute "INSERT INTO site_settings(name, data_type, value, created_at, updated_at)
-             VALUES ('sso_provider_secrets', 8, '*|#{sso_secret}', now(), now())"
+             VALUES ('sso_provider_secrets', 8, #{sso_secret_insert}, now(), now())"
   end
 
   def down