DatabaseBase::addIdentifierQuotes escapes strings for use as an identifier before quoting them. However, DatabaseMysqlBase::addIdentifierQuotes uses a different type of quote (backticks) because of MySQL behavior.
Despite this, it still applies default escaping. If any database identifiers happen to have bad characters in them (highly unlikely, but a possibility), then it would cause a problem.
This would involve fixing DatabaseMysqlBase to escape the proper characters rather than just calling strencode like it does now.
Version: 1.22.0
Severity: normal