Commit da2ebb66 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

aurjson: Escape wildcards in "LIKE" patterns (fixes FS#18626).



Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE", so we need to deal with them separately.
Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent 888aad47
...@@ -107,6 +107,7 @@ class AurJSON { ...@@ -107,6 +107,7 @@ class AurJSON {
} }
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh); $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$keyword_string = addcslashes($keyword_string, '%_');
$query = "SELECT " . implode(',', $this->fields) . $query = "SELECT " . implode(',', $this->fields) .
" FROM Packages WHERE DummyPkg=0 AND " . " FROM Packages WHERE DummyPkg=0 AND " .
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment