SQL Error after uploading new file - [Fixed in 3.2.15 !!!]

Started by sapphireweb, 11.10.2014 19:34:52


sapphireweb

Using 3.2.12

After uploading a new file via FileZilla and going into the Control Panel for jDownloads, we get the following error:

<title>Error: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near &#039;m-Brown-partial.pdf&#039;&#039; at line 1 SQL=SELECT cat_id FROM jml_jdownloads_files WHERE url_download = &#039;Because-I&#039;m-Brown-partial.pdf&#039;</title>

Now this was resolved by removing the ' from the file name, and I realize that special characters in a file name are bad... (they keep forgetting that.) However, shouldn't jDownloads be "escaping" the input, or using some method so that the fields are treated as literal strings?

I mention this because I can see this as a potential security risk. Now, I do see there is a new update to jDownloads; however, that was not applied at the time this occurred.

Arno

#1
Hi,
sorry for the late reply.
So if I have understood it correctly, the uploaded file had single quote characters in the file name?
What configuration settings do you use for 'folders and files'?

I will check this here again...
Best Regards / Gruß
Arno
Please make a Donation for jDownloads and/or write a review on the Joomla! Extensions directory!

Arno

Hi,
this problem is fixed in the next beta 3.2.15.
From now on, files with a single or double quote character in the filename are ignored in the monitoring function!

Best Regards / Gruß
Arno
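The query from the error message in this thread, rebuilt as an added example (not jDownloads code and not written by anyone in the thread): it shows why the apostrophe in the file name breaks a concatenated statement and how a bound parameter keeps the name a literal string. SQLite stands in for MySQL so it runs offline; the `cat_id` value and the `has_quote` helper are assumptions made for illustration.

```python
import sqlite3

# File name and table/column names are taken from the error message above.
FILENAME = "Because-I'm-Brown-partial.pdf"


def make_db():
    """Constructed in-memory stand-in for jml_jdownloads_files."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE jml_jdownloads_files (cat_id INTEGER, url_download TEXT)"
    )
    db.execute(
        "INSERT INTO jml_jdownloads_files (cat_id, url_download) VALUES (?, ?)",
        (7, FILENAME),  # cat_id 7 is a constructed sample value
    )
    return db


def lookup_concatenated(db, filename):
    """Pastes the file name between quotes, as the failing statement did.
    An apostrophe in the name ends the string literal early, so the rest of
    the name is parsed as SQL and the statement is rejected."""
    sql = ("SELECT cat_id FROM jml_jdownloads_files "
           "WHERE url_download = '" + filename + "'")
    return db.execute(sql).fetchall()


def lookup_bound(db, filename):
    """Sends the file name as a bound parameter; it is never parsed as SQL."""
    sql = "SELECT cat_id FROM jml_jdownloads_files WHERE url_download = ?"
    return db.execute(sql, (filename,)).fetchall()


def has_quote(filename):
    """Hypothetical version of the filter described for 3.2.15: such files
    are skipped. It avoids this error but leaves the query itself unchanged."""
    return "'" in filename or '"' in filename


if __name__ == "__main__":
    db = make_db()
    try:
        lookup_concatenated(db, FILENAME)
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
    print("bound query returned:", lookup_bound(db, FILENAME))
    print("would be skipped by the filter:", has_quote(FILENAME))
```

In Joomla, the same effect as the bound parameter comes from passing the value through the database driver's `quote()` method before it is placed in the statement.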