summaryrefslogtreecommitdiffstats
path: root/web/template/footer.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-10-20 08:43:44 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-10-25 09:25:43 +0200
commite53b91fe52be262d94a45769814c1e87c796988b (patch)
tree7500e0c1aef89939d642e703f71d4c1c585fd832 /web/template/footer.php
parent10b6a8fff7e6d407421c74889455b969be7f867f (diff)
downloadaur-e53b91fe52be262d94a45769814c1e87c796988b.tar.gz
aur-e53b91fe52be262d94a45769814c1e87c796988b.tar.xz
Escape wildcards in "LIKE" patterns
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb667b7a332ddd8d905bf9b9a8694765fed6 but missed the other places. This patch should fix all remaining flaws reported in FS#26527. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'web/template/footer.php')
0 files changed, 0 insertions, 0 deletions