summaryrefslogtreecommitdiffstats
path: root/web/lib/pkgfuncs.inc.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-10-20 08:43:44 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-10-24 17:57:54 +0200
commit47c5167acb0a4a2c809c03dc664fea1d130d0c8b (patch)
tree12a540a5885a59e478d8964de99605faa152c931 /web/lib/pkgfuncs.inc.php
parent323d418f02074613241d65b9cabbfd65afea9abe (diff)
downloadaur-47c5167acb0a4a2c809c03dc664fea1d130d0c8b.tar.gz
aur-47c5167acb0a4a2c809c03dc664fea1d130d0c8b.tar.xz
Escape wildcards in "LIKE" patterns
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb667b7a332ddd8d905bf9b9a8694765fed6 but missed the other places. This patch should fix all remaining flaws reported in FS#26527. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'web/lib/pkgfuncs.inc.php')
-rw-r--r--web/lib/pkgfuncs.inc.php12
1 files changed, 5 insertions, 7 deletions
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 8d2799cc..558cf3fd 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -457,11 +457,9 @@ function pkg_search_page($SID="", $dbh=NULL) {
}
if (isset($_GET['K'])) {
- $_GET['K'] = db_escape_string(trim($_GET['K']));
-
# Search by maintainer
if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") {
- $q_where .= "AND Users.Username = '".$_GET['K']."' ";
+ $q_where .= "AND Users.Username = '".db_escape_string($_GET['K'])."' ";
}
# Search by submitter
elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") {
@@ -469,16 +467,16 @@ function pkg_search_page($SID="", $dbh=NULL) {
}
# Search by name
elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") {
- $q_where .= "AND (Name LIKE '%".$_GET['K']."%') ";
+ $q_where .= "AND (Name LIKE '%".db_escape_like($_GET['K'])."%') ";
}
# Search by name (exact match)
elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "x") {
- $q_where .= "AND (Name = '".$_GET['K']."') ";
+ $q_where .= "AND (Name = '".db_escape_string($_GET['K'])."') ";
}
# Search by name and description (Default)
else {
- $q_where .= "AND (Name LIKE '%".$_GET['K']."%' OR ";
- $q_where .= "Description LIKE '%".$_GET['K']."%') ";
+ $q_where .= "AND (Name LIKE '%".db_escape_like($_GET['K'])."%' OR ";
+ $q_where .= "Description LIKE '%".db_escape_like($_GET['K'])."%') ";
}
}