From d1bee6347f06af2824929d1bb8d6bf3257b8ec6c Mon Sep 17 00:00:00 2001
From: guy_schneerson <guy@blue-bag.com>
Date: Thu, 16 Oct 2014 10:50:39 +0100
Subject: [PATCH] MAIN-30 - SA-CORE-2014-005 - Drupal core - SQL injection

---
 includes/database/database.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/database/database.inc b/includes/database/database.inc
index 604dd4c7..ebfac9ae 100755
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -733,7 +733,7 @@ abstract class DatabaseConnection extends PDO {
     // to expand it out into a comma-delimited set of placeholders.
     foreach (array_filter($args, 'is_array') as $key => $data) {
       $new_keys = array();
-      foreach ($data as $i => $value) {
+      foreach (array_values($data) as $i => $value) {
         // This assumes that there are no other placeholders that use the same
         // name.  For example, if the array placeholder is defined as :example
         // and there is already an :example_2 placeholder, this will generate