Index: xcvs/xcvs-loginfo.php
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/cvslog/xcvs/xcvs-loginfo.php,v
retrieving revision 1.14
diff -u -p -r1.14 xcvs-loginfo.php
--- xcvs/xcvs-loginfo.php 5 May 2009 17:15:32 -0000 1.14
+++ xcvs/xcvs-loginfo.php 17 Aug 2009 21:43:46 -0000
@@ -204,14 +204,14 @@ function xcvs_init($argc, $argv) {
 // Integrate with Drupal cvslog.module.
 if ($xcvs['cvslog'] && is_array($cvslog_files)) {
 $connection = xcvs_db_connect($xcvs);
- $uid = mysql_result(mysql_query("SELECT uid FROM cvs_accounts WHERE cvs_user = '". mysql_escape_string($user) ."'"), 0);
+ $uid = mysql_result(mysql_query("SELECT uid FROM cvs_accounts WHERE cvs_user = '". mysql_real_escape_string($user) ."'"), 0);
- mysql_query("INSERT INTO cvs_messages (rid, uid, created, cvs_user, message) VALUES ($xcvs[cvs_repo_id], $uid, ". time() .", '$user', '". mysql_escape_string($message) ."')");
+ mysql_query("INSERT INTO cvs_messages (rid, uid, created, cvs_user, message) VALUES ($xcvs[cvs_repo_id], $uid, ". time() .", '$user', '". mysql_real_escape_string($message) ."')");
 $cid = xcvs_last_insert_id('cvs_messages', 'cid');
 foreach ($cvslog_files as $cvslog_file) {
- $project = mysql_query("SELECT nid FROM cvs_projects WHERE rid = ". $xcvs[cvs_repo_id] ." AND '". mysql_escape_string($cvslog_file->file) ."' LIKE CONCAT(directory, '%')");
+ $project = mysql_query("SELECT nid FROM cvs_projects WHERE rid = ". $xcvs[cvs_repo_id] ." AND '". mysql_real_escape_string($cvslog_file->file) ."' LIKE CONCAT(directory, '%')");
 if ($project && mysql_num_rows($project) > 0) $nid = mysql_result($project, 0); else $nid = 0;
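Review bot: The INSERT into cvs_messages still interpolates `$user` raw as `'$user'`, although the SELECT just above escapes the same variable; that value should be written as `'". mysql_real_escape_string($user) ."'`. `$uid` is taken straight from mysql_result(), which returns FALSE when no cvs_accounts row matches, leaving an empty slot in the VALUES list, so an `(int)` cast before use would keep the statement well-formed. In the cvs_projects query `$xcvs[cvs_repo_id]` sits outside the quoted string, where PHP reads `cvs_repo_id` as a bare constant; `$xcvs['cvs_repo_id']` is the intended form. xcvs_init() starts and ends outside this hunk.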
@@ -224,9 +224,9 @@ function xcvs_init($argc, $argv) {
 // someone commits a file to a branch, we make sure
 // there's a valid entry in {cvs_tags} for that project +
 // branch, and if not, we add it here.
- $db_tag = mysql_query("SELECT * from cvs_tags WHERE nid = $nid AND tag = '" . mysql_escape_string($tag) . "'");
+ $db_tag = mysql_query("SELECT * from cvs_tags WHERE nid = $nid AND tag = '" . mysql_real_escape_string($tag) . "'");
 if (!($db_tag && mysql_num_rows($db_tag) > 0)) {
- mysql_query("INSERT INTO cvs_tags (nid, branch, tag) VALUES ($nid, 1, '" . mysql_escape_string($tag) . "')");
+ mysql_query("INSERT INTO cvs_tags (nid, branch, tag) VALUES ($nid, 1, '" . mysql_real_escape_string($tag) . "')");
 }
 }
 }
Index: xcvs/xcvs-taginfo.php
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/cvslog/xcvs/xcvs-taginfo.php,v
retrieving revision 1.12
diff -u -p -r1.12 xcvs-taginfo.php
--- xcvs/xcvs-taginfo.php 12 Dec 2008 02:18:04 -0000 1.12
+++ xcvs/xcvs-taginfo.php 17 Aug 2009 21:43:46 -0000
@@ -133,10 +133,10 @@ function xcvs_store_tag_in_db($dir, $tag
 mysql_query('LOCK TABLES cvs_tags');
 if ($op == 'add') {
- mysql_query("INSERT INTO cvs_tags (nid, tag, branch, timestamp) VALUES ($nid, '" . mysql_escape_string($tag) . "', $branch, ". time() .")");
+ mysql_query("INSERT INTO cvs_tags (nid, tag, branch, timestamp) VALUES ($nid, '" . mysql_real_escape_string($tag) . "', $branch, ". time() .")");
 }
 else {
- mysql_query("DELETE FROM cvs_tags WHERE nid=$nid AND tag='" . mysql_escape_string($tag) . "'");
+ mysql_query("DELETE FROM cvs_tags WHERE nid=$nid AND tag='" . mysql_real_escape_string($tag) . "'");
 }
 // Unlock the affected tables so avoid clashes (transactions):
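Review bot: In the xcvs-loginfo.php hunk at -224, the SELECT on cvs_tags followed by a conditional INSERT is a check-then-insert with nothing holding the table between the two statements, so two commits to the same new branch arriving together could both add the row. xcvs_store_tag_in_db() in xcvs-taginfo.php brackets its cvs_tags writes with a table lock, and this path does not. If the schema (not visible here) has a unique key on (nid, tag), a single `INSERT IGNORE INTO cvs_tags (nid, branch, tag) VALUES (...)` could replace the pair; otherwise the same locking should apply here. The enclosing xcvs_init() starts outside this hunk.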
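Review bot: In the xcvs-taginfo.php hunk, `mysql_query('LOCK TABLES cvs_tags')` names no lock type, and MySQL requires READ or WRITE after each table name, so the statement is rejected and, because the mysql_query() result is not checked, the INSERT/DELETE below run unlocked. It should read `mysql_query('LOCK TABLES cvs_tags WRITE')` with the return value tested before continuing. `$nid` and `$branch` are interpolated unquoted and their origin is outside the hunk; `(int)` casts at the point of use would keep both statements well-formed whatever the caller passes. xcvs_store_tag_in_db() starts and ends outside this hunk.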