From 6f0ca8ce599a2afcbd1bf0ccc29feeb3e9212cfb Mon Sep 17 00:00:00 2001
From: Altamash Shaikh <altu9594@gmail.com>
Date: Thu, 14 Aug 2025 13:39:48 +0530
Subject: [PATCH 1/2] Code to resolved Aikido reported issue: 12726180

---
 Queue/Backend/MySQL.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Queue/Backend/MySQL.php b/Queue/Backend/MySQL.php
index dff58f1..98fb653 100644
--- a/Queue/Backend/MySQL.php
+++ b/Queue/Backend/MySQL.php
@@ -99,7 +99,7 @@ public function appendValuesToList($key, $values)
     {
         $table = $this->makePrefixedKeyListTableName($key);
 
-        $query = sprintf('INSERT INTO %s (`list_value`) VALUES (?)', $table);
+        $query = sprintf('INSERT INTO `%s` (`list_value`) VALUES (?)', $table);
         foreach ($values as $value) {
             if (empty($value)) {
                 continue;
@@ -143,7 +143,7 @@ public function getFirstXValuesFromList($key, $numValues)
         }
 
         $table = $this->makePrefixedKeyListTableName($key);
-        $sql = sprintf('SELECT SQL_NO_CACHE list_value FROM %s ORDER BY idqueuelist ASC LIMIT %d OFFSET 0', $table, (int)$numValues);
+        $sql = sprintf('SELECT SQL_NO_CACHE list_value FROM `%s` ORDER BY idqueuelist ASC LIMIT %d OFFSET 0', $table, (int)$numValues);
 
         try {
             $values = Db::fetchAll($sql);
@@ -172,7 +172,7 @@ public function hasAtLeastXRequestsQueued($key, $numValuesRequired)
         }
 
         $table = $this->makePrefixedKeyListTableName($key);
-        $sql = sprintf('SELECT SQL_NO_CACHE idqueuelist FROM %s LIMIT %d', $table, (int)$numValuesRequired);
+        $sql = sprintf('SELECT SQL_NO_CACHE idqueuelist FROM `%s` LIMIT %d', $table, (int)$numValuesRequired);
 
         try {
             $values = Db::fetchAll($sql);
@@ -194,7 +194,7 @@ public function removeFirstXValuesFromList($key, $numValues)
         }
 
         $table = $this->makePrefixedKeyListTableName($key);
-        $sql = sprintf('DELETE FROM %s ORDER BY idqueuelist ASC LIMIT %d', $table, (int)$numValues);
+        $sql = sprintf('DELETE FROM `%s` ORDER BY idqueuelist ASC LIMIT %d', $table, (int)$numValues);
 
         try {
             Db::query($sql);
@@ -210,7 +210,7 @@ public function removeFirstXValuesFromList($key, $numValues)
     public function getNumValuesInList($key)
     {
         $table = $this->makePrefixedKeyListTableName($key);
-        $sql = sprintf('SELECT SQL_NO_CACHE max(idqueuelist) - min(idqueuelist) as num_entries FROM %s', $table);
+        $sql = sprintf('SELECT SQL_NO_CACHE max(idqueuelist) - min(idqueuelist) as num_entries FROM `%s`', $table);
         try {
             $value = Db::fetchOne($sql);
             if ($value === null || $value === false) {

From 0fd3335a615abf1bce2ddfc5530427330aa0d268 Mon Sep 17 00:00:00 2001
From: Altamash Shaikh <altu9594@gmail.com>
Date: Wed, 20 Aug 2025 08:59:09 +0530
Subject: [PATCH 2/2] bumped version to 5.1.3

---
 CHANGELOG.md | 3 +++
 plugin.json  | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6d5da0c..ec8b4e2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ## Changelog
 
+5.1.3 - 2025-09-01
+- Security hardening
+
 5.1.2 - 2025-07-07
 - Textual changes
 
diff --git a/plugin.json b/plugin.json
index 569f699..1875b6b 100644
--- a/plugin.json
+++ b/plugin.json
@@ -1,6 +1,6 @@
 {
     "name": "QueuedTracking",
-    "version": "5.1.2",
+    "version": "5.1.3",
     "description": "Scale your large traffic Matomo service by queuing tracking requests in Redis or MySQL for better performance and reliability when experiencing peaks.",
     "theme": false,
     "keywords": ["tracker", "tracking", "queue", "redis"],