From e2f99d4ec8ba96eeb5d5f2ff2692255c78a39557 Mon Sep 17 00:00:00 2001
From: Larry Garfield
Date: Fri, 28 Sep 2012 11:34:24 -0500
Subject: [PATCH] Properly escape SQL table.
---
 core/lib/Drupal/Core/Routing/PathMatcher.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/lib/Drupal/Core/Routing/PathMatcher.php b/core/lib/Drupal/Core/Routing/PathMatcher.php
index ede6bde1f82..cef1a0a07cc 100644
--- a/core/lib/Drupal/Core/Routing/PathMatcher.php
+++ b/core/lib/Drupal/Core/Routing/PathMatcher.php
@@ -62,7 +62,7 @@ class PathMatcher implements InitialMatcherInterface {
 $ancestors = $this->getCandidateOutlines($parts);
- $routes = $this->connection->query("SELECT name, route FROM {{$this->tableName}} WHERE pattern_outline IN (:patterns) ORDER BY fit", array(
+ $routes = $this->connection->query("SELECT name, route FROM {" . $this->connection->escapeTable($this->tableName) . "} WHERE pattern_outline IN (:patterns) ORDER BY fit", array(
 ':patterns' => $ancestors,
 ))
 ->fetchAllKeyed();
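Review bot: On the new `$routes = $this->connection->query(...)` line, `escapeTable()` filters the table name instead of validating it: Drupal's implementation, as far as I know, drops every character outside `[A-Za-z0-9_.]`, so a malformed `$this->tableName` silently turns into a different identifier and a dot-qualified name still passes through unchanged. Because an identifier cannot be bound as a placeholder the way `:patterns` is, the name should also be checked once where it is assigned (that code is outside this hunk) and rejected if it is not the expected plain table name. I would add a comment above the query, `// Table names cannot be bound as placeholders; escapeTable() strips unsafe characters, it does not validate.` Separately, if `getCandidateOutlines()` can return an empty array, `IN (:patterns)` probably expands to an empty list and the query fails; an early return for empty `$ancestors` would cover that. The enclosing method starts and ends outside the hunk.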