Index: includes/functions.php =================================================================== RCS file: /cvsroot/phpbb/phpBB2/includes/functions.php,v retrieving revision 1.596 diff -u -p -r1.596 functions.php --- includes/functions.php 19 Jun 2007 18:24:28 -0000 1.596 +++ includes/functions.php 21 Jun 2007 23:22:56 -0000 @@ -3878,7 +3878,7 @@ function page_header($page_title = '', $ $f = request_var('f', 0); // Do not change this (it is defined as _f_={forum_id}x within session.php) - $reading_sql = " AND s.session_page LIKE '%\_f\_={$f}x%'"; + $reading_sql = " AND s.session_page LIKE '" . $db->sql_escape("%\_f\_={$f}x%") . "'"; // Specify escape character for MSSQL if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') Index: includes/functions_admin.php =================================================================== RCS file: /cvsroot/phpbb/phpBB2/includes/functions_admin.php,v retrieving revision 1.239 diff -u -p -r1.239 functions_admin.php --- includes/functions_admin.php 18 Jun 2007 13:08:48 -0000 1.239 +++ includes/functions_admin.php 21 Jun 2007 23:22:57 -0000 @@ -2206,7 +2206,7 @@ function cache_moderators() AND a.group_id = ug.group_id AND ' . $db->sql_in_set('ug.user_id', $ug_id_ary) . " AND ug.user_pending = 0 - AND o.auth_option LIKE 'm\_%'" . + AND o.auth_option LIKE '" . $db->sql_escape('m\_%') . "'" . (($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') ? " ESCAPE '\\'" : ''), )); $result = $db->sql_query($sql); Index: includes/acp/acp_users.php =================================================================== RCS file: /cvsroot/phpbb/phpBB2/includes/acp/acp_users.php,v retrieving revision 1.118 diff -u -p -r1.118 acp_users.php --- includes/acp/acp_users.php 18 Jun 2007 15:12:14 -0000 1.118 +++ includes/acp/acp_users.php 21 Jun 2007 23:22:57 -0000 
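Review bot: `$db->sql_escape()` protects the quoting of the string literal but does not neutralise the LIKE wildcards `%` and `_`, so the new `$reading_sql` line is only safe because `$f` is numeric. That guarantee comes from `request_var('f', 0)` a few lines up, presumably through its integer default, which is not visible in this hunk. I would make it explicit at the point of use, e.g. `$db->sql_escape('%\_f\_=' . (int) $f . 'x%')`, which also stops relying on PHP leaving `\_` untouched inside a double-quoted string. page_header() starts and ends outside this hunk.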
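Review bot: The `ESCAPE '\\'` clause in cache_moderators() is still emitted only for the `mssql` and `mssql_odbc` layers, while the pattern `m\_%` now goes through `sql_escape()` on every layer. On a backend with no default LIKE escape character that is not one of those two layers, the backslash would be matched literally and `_` would act as a wildcard, so the moderator-permission query could select the wrong `auth_option` rows; whether any supported layer falls in that group is not visible here. I would keep the pattern and its ESCAPE clause together in one database-layer helper, and until then add a comment such as `// LIKE escape character differs per sql_layer; keep pattern and ESCAPE clause in sync`. The same construction appears in the page_header() hunk and in both acp_users.php hunks; cache_moderators() starts outside this hunk.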
@@ -1831,7 +1831,7 @@ class acp_users // Select auth options $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . " - WHERE auth_option LIKE '%\_'"; + WHERE auth_option LIKE '" . $db->sql_escape('%\_') . "'"; if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') { @@ -1856,7 +1856,7 @@ class acp_users { $sql = 'SELECT auth_option, is_local, is_global FROM ' . ACL_OPTIONS_TABLE . " - WHERE auth_option LIKE '%\_'"; + WHERE auth_option LIKE '" . $db->sql_escape('%\_') . "'"; if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') {
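Review bot: The statement `SELECT auth_option, is_local, is_global ... WHERE auth_option LIKE '%\_'` is built twice in acp_users (the hunks at 1831 and 1856), and the identical `$db->sql_escape('%\_')` correction had to be applied to both copies. Building `$sql` once, before the code paths diverge or in a small private method, would keep a later change to the escaping from landing in one copy and being missed in the other. Both hunks end at the opening brace of the mssql branch, so the ESCAPE handling that follows cannot be checked from here.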