Commit da2ebb66 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

aurjson: Escape wildcards in "LIKE" patterns (fixes FS#18626).

Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE", so we need to deal with them separately.

Signed-off-by: default avatarLukas Fleischer <>
parent 888aad47
......@@ -107,6 +107,7 @@ class AurJSON {
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$keyword_string = addcslashes($keyword_string, '%_');
$query = "SELECT " . implode(',', $this->fields) .
" FROM Packages WHERE DummyPkg=0 AND " .
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment