external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

aurjson: Escape wildcards in "LIKE" patterns (fixes FS#18626).

Browse source 
Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE", so we need to deal with them separately.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2011-01-28 16:33:02 +01:00
parent 888aad477c
commit da2ebb667b
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
web/lib/aurjson.class.php
View file

@ -107,6 +107,7 @@ class AurJSON {
} }
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh); $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$keyword_string = addcslashes($keyword_string, '%_');
$query = "SELECT " . implode(',', $this->fields) . $query = "SELECT " . implode(',', $this->fields) .
" FROM Packages WHERE DummyPkg=0 AND " . " FROM Packages WHERE DummyPkg=0 AND " .