summaryrefslogtreecommitdiffstats
path: root/web/lib/aurjson.class.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-01-28 16:33:02 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2011-01-28 16:54:58 +0100
commitda2ebb667b7a332ddd8d905bf9b9a8694765fed6 (patch)
treec352299ccdcc230e1a9f0e9d2efd633623027267 /web/lib/aurjson.class.php
parent888aad477c7b92104d6df651dffb9d51f57cfdb4 (diff)
downloadaur-da2ebb667b7a332ddd8d905bf9b9a8694765fed6.tar.gz
aur-da2ebb667b7a332ddd8d905bf9b9a8694765fed6.tar.xz
aurjson: Escape wildcards in "LIKE" patterns (fixes FS#18626).
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE", so we need to deal with them separately. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/aurjson.class.php')
-rw-r--r--web/lib/aurjson.class.php1
1 files changed, 1 insertions, 0 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 0868cb2d..d545ee0a 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -107,6 +107,7 @@ class AurJSON {
}
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
+ $keyword_string = addcslashes($keyword_string, '%_');
$query = "SELECT " . implode(',', $this->fields) .
" FROM Packages WHERE DummyPkg=0 AND " .