fix remember me

src/App/Security/TokenProvider.php

@@ -25,7 +25,7 @@ public function loadTokenBySeries(string $series)
     {
         if (!isset($this->tokens[$series])) {
             $result = $this->db->query(
-                "SELECT * FROM remember_me_tokens WHERE series='$series'"
+                "SELECT * FROM remember_me_tokens WHERE series='{$this->db->escape($series)}'"
             );
             if (!$result || $result->rowCount() == 0) {
                 throw new TokenNotFoundException('No token found.');
@@ -68,7 +68,7 @@ public function updateToken(string $series, string $tokenValue, \DateTime $lastU
     public function deleteTokenBySeries(string $series)
     {
         $this->db->query(
-            "DELETE FROM remember_me_tokens WHERE series='$series'"
+            "DELETE FROM remember_me_tokens WHERE series='{$this->db->escape($series)}'"
         );
 
         unset($this->tokens[$series]);
@@ -81,10 +81,10 @@ public function createNewToken(PersistentTokenInterface $token)
     {
         $this->db->query(
             "INSERT INTO remember_me_tokens (class, username, series, value, lastUsed) 
-            VALUES ('{$token->getClass()}',
-                    '{$token->getUserIdentifier()}',
-                    '{$token->getSeries()}',
-                    '{$token->getTokenValue()}',
+            VALUES ('{$this->db->escape($token->getClass())}',
+                    '{$this->db->escape($token->getUserIdentifier())}',
+                    '{$this->db->escape($token->getSeries())}',
+                    '{$this->db->escape($token->getTokenValue())}',
                     '{$token->getLastUsed()->format('Y-m-d H:i:s')}')"
         );