HOR-4751

gulliver/system/class.inputfilter.php

@@ -352,6 +352,7 @@ class InputFilter
       * @param String $source
       * @param Resource $connection - An open MySQL connection
       * @return String $source
+      * @todo We need to review this method, because the sended string is unescaped
       */
     public function escapeString($string, &$connection)
     {
@@ -364,6 +365,19 @@ class InputFilter
         }
         return $string;
     }
+
+    /*
+     * Escapes a string using a Propel connection
+     *
+     * @param string $string The string to escapes
+     * @param object $connection The connection object
+     *
+     * @return string
+     */
+    public function escapeUsingConnection($string, $connection)
+    {
+        return mysql_real_escape_string($string, $connection->getResource());
+    }
     
     /** 
       * Internal method removes tags/special characters