Index: database/updates.inc
===================================================================
RCS file: /cvs/drupal/drupal/database/updates.inc,v
retrieving revision 1.143
diff -u -p -r1.143 updates.inc
--- database/updates.inc        5 Nov 2005 08:00:20 -0000       1.143
+++ database/updates.inc        5 Nov 2005 09:23:33 -0000
@@ -1071,7 +1071,9 @@ function update_151() {

           $mid = db_next_id('{menu}_mid');
           $ret[] = update_sql("INSERT INTO {menu} (mid, pid, path, title, description, weight, type) " .
-                               "VALUES ($mid, {$menus[$loop]['pid']}, '$link_path', '{$links['text'][$i]}', '{$links['description'][$i]}', 0, 118)");
+                               "VALUES ($mid, {$menus[$loop]['pid']}, '" . db_escape_string($link_path) .
+                               "', '" . db_escape_string($links['text'][$i]) .
+                               "', '" . db_escape_string($links['description'][$i]) . "', 0, 118)");
         }
       }
       // delete Secondary links if not populated.