Butterstorm vulnerable to SQL Injection Urgent
Hello, I came to inform all users that there is a flaw in Butterstorm via SQL injection.
I deleted my database three times.
Generated the logs on my emulator:
error in query:
SELECT * FROM rooms WHERE owner LIKE ''; DROP TABLE users;' ORDER BY id DESC LIMIT 50
MySql.Data.MySqlClient.MySqlException (0x80004005): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY id DESC LIMIT 50' at line 1
Please fix it quickly, or everyone is at risk of losing their database.
Re: Butterstorm vulnerable to SQL Injection Urgent
Please post this in "Habbo Help".
Solution here:
Code (C#):
internal ServerMessage SerializeSearchResults(string SearchQuery)
{
    // FilterInjectionChars only strips characters; the bound parameters below are what
    // actually keep user input out of the SQL text.
    string ProtectedSearch = ButterflyEnvironment.FilterInjectionChars(SearchQuery);
    DataTable table = new DataTable();
    using (IQueryAdapter adapter = ButterflyEnvironment.GetDatabaseManager().getQueryreactor())
    {
        if (SearchQuery.Length > 0)
        {
            if (SearchQuery.StartsWith("owner:"))
            {
                // Owner search: the name is bound as @owner instead of being concatenated
                // into the query string (this concatenation was the injection point in the log).
                adapter.setQuery("SELECT * FROM rooms WHERE owner LIKE @owner ORDER BY id DESC LIMIT 50");
                adapter.addParameter("owner", ProtectedSearch.Replace("owner:", ""));
            }
            else if (adapter.dbType == DatabaseType.MySQL)
            {
                // MySQL: caption is bound as @query too, matching the MSSQL branch, rather than
                // splicing the raw SearchQuery into the caption comparison.
                adapter.setQuery("SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = @query AND roomtype = 'private' UNION ALL SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE caption = @query AND roomtype = 'private' ORDER BY active_users DESC LIMIT 50");
            }
            else
            {
                // MSSQL: TOP 50 instead of LIMIT, same bound parameter.
                adapter.setQuery("SELECT TOP 50 rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE owner = @query AND roomtype = 'private' UNION ALL SELECT rooms.*, room_active.active_users FROM rooms LEFT JOIN room_active ON (room_active.roomid = rooms.id) WHERE caption = @query AND roomtype = 'private' ORDER BY active_users DESC");
            }
            // Bound for every branch; the owner: branch simply does not reference it.
            adapter.addParameter("query", ProtectedSearch);
            table = adapter.getTable();
        }
    }
    List<RoomData> list = new List<RoomData>();
    if (table != null)
    {
        foreach (DataRow row in table.Rows)
        {
            RoomData item = ButterflyEnvironment.GetGame().GetRoomManager().FetchRoomData(Convert.ToUInt32(row["id"]), row);
            list.Add(item);
        }
    }
    // Serialize the navigator search response.
    ServerMessage message = new ServerMessage(Outgoing.NavigatorPacket);
    message.AppendInt32(8);
    message.AppendString(SearchQuery);
    message.AppendInt32(list.Count);
    foreach (RoomData data2 in list)
    {
        data2.Serialize(message, false);
    }
    message.AppendBoolean(false);
    return message;
}
Replace this void in Navigator.cs.
Like! :)
EDIT¹:
Now, move this topic to Habbo Help, moderators.
Thanks,
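As an added illustration, not code from this thread or from the Butterfly/Butterstorm project, the Python script below reproduces the query string from the first post's log by plain concatenation, shows the stacked DROP TABLE executing against an in-memory SQLite database when a driver allows multiple statements, and then shows the parameterized form of the same owner search with LIKE-wildcard escaping, which parameter binding alone does not give you. The schema, rows and the `search_*` function names are constructed for the example; only the `rooms` and `users` table names and the payload come from the log.

```python
import sqlite3
from typing import Optional

# Constructed sample schema standing in for the emulator's `rooms` and `users` tables.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT);
CREATE TABLE rooms (id INTEGER PRIMARY KEY, owner TEXT, caption TEXT);
INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
INSERT INTO rooms VALUES (1, 'alice', 'Lobby'), (2, 'bob', 'Cafe'), (3, 'alice', 'Garden');
"""

# The owner value that produced the query shown in the first post's error log.
LOG_PAYLOAD = "'; DROP TABLE users;"


def fresh_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def build_vulnerable_query(owner: str) -> str:
    # Same string concatenation as the emulator's "owner:" search branch.
    return "SELECT * FROM rooms WHERE owner LIKE '" + owner + "' ORDER BY id DESC LIMIT 50"


def search_vulnerable(conn: sqlite3.Connection, owner: str) -> Optional[str]:
    """Run the concatenated query with stacked statements allowed, as a driver with
    multi-statement support would. Returns the database error text, if any.
    The SELECT and the injected DROP TABLE both run before the dangling quote
    fails to parse, which is exactly the syntax error the log shows."""
    try:
        conn.executescript(build_vulnerable_query(owner))
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


def escape_like(value: str, escape: str = "\\") -> str:
    # Parameters stop injection but not LIKE wildcards; escape them so a search
    # for "%" does not match every owner.
    return (value.replace(escape, escape + escape)
                 .replace("%", escape + "%")
                 .replace("_", escape + "_"))


def search_hardened(conn: sqlite3.Connection, owner: str) -> list:
    # Placeholder binding: the value is sent as data and never becomes SQL text.
    return conn.execute(
        "SELECT * FROM rooms WHERE owner LIKE ? ESCAPE '\\' ORDER BY id DESC LIMIT 50",
        (escape_like(owner),),
    ).fetchall()


def demo() -> dict:
    """Exercise both versions against fresh databases and collect the outcomes."""
    results = {}

    conn = fresh_db()
    results["query_text"] = build_vulnerable_query(LOG_PAYLOAD)
    results["vulnerable_error"] = search_vulnerable(conn, LOG_PAYLOAD)
    results["users_after_vulnerable"] = table_exists(conn, "users")

    conn = fresh_db()
    results["hardened_payload_rows"] = search_hardened(conn, LOG_PAYLOAD)
    results["users_after_hardened"] = table_exists(conn, "users")
    results["alice_rows"] = [row[0] for row in search_hardened(conn, "alice")]
    results["wildcard_rows"] = search_hardened(conn, "%")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable path shows why the log's syntax error is no comfort: the statements before the dangling quote have already run by the time the parser complains. The hardened path returns no rows for the payload, leaves `users` in place, and because of `escape_like` a search for a bare `%` also returns nothing instead of every room.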
Re: Butterstorm vulnerable to SQL Injection Urgent