Index: trunk/kernel/include/usersession.php
===================================================================
diff -u -r540 -r663
--- trunk/kernel/include/usersession.php (.../usersession.php) (revision 540)
+++ trunk/kernel/include/usersession.php (.../usersession.php) (revision 663)
@@ -489,6 +489,7 @@
 global $objConfig, $FrontEnd;
 $objConfig->Set($variableName,$variableValue,2);
+ $variableValue=addslashes($variableValue);
 //if(!(int)$FrontEnd==1)
 //{
@@ -606,6 +607,7 @@
 $sessionkey = $this->GetSessionKey();
 foreach($data as $field=>$value)
 {
+ $value=addslashes($value);
 $sql = "UPDATE ".GetTablePrefix()."SessionData SET VariableValue='$value' WHERE VariableName='$field' AND SessionKey='$sessionkey'";
 $this->adodbConnection->Execute($sql);
 //echo $sql."
\n";
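Review bot: `addslashes()` is not the database driver's quoting routine, so both added lines (`$variableValue=addslashes($variableValue);` in the first hunk and `$value=addslashes($value);` in the second) leave the escaping independent of the connection's character set and SQL dialect, and in the second hunk `$field` and `$sessionkey` still reach the statement unescaped. Quoting through the ADOdb connection covers all three values, e.g. `$sql = "UPDATE ".GetTablePrefix()."SessionData SET VariableValue=".$this->adodbConnection->qstr($value)." WHERE VariableName=".$this->adodbConnection->qstr($field)." AND SessionKey=".$this->adodbConnection->qstr($sessionkey);`, or the values can be bound as parameters to `Execute()`. If `magic_quotes_gpc` is enabled on the deployment, request-derived values would presumably be escaped twice by the added calls and stored with literal backslashes; that depends on callers not shown here. In the first hunk the escape is applied after `$objConfig->Set(...)` and the query that consumes `$variableValue` lies outside the hunk, so it is worth confirming that nothing later in that function uses the escaped copy for a non-SQL purpose.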