From e329a3d4e9d441b59b2f1822bdc4bac74add8d24 Mon Sep 17 00:00:00 2001
From: Neil Blakey-Milner
Date: Thu, 28 Sep 2006 08:37:10 +0000
Subject: [PATCH] KTS-1382: Escape contents of LIKE searches.
---
 lib/browse/Criteria.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/browse/Criteria.inc b/lib/browse/Criteria.inc
index a7d2c16..160d2ce 100644
--- lib/browse/Criteria.inc
+++ b/lib/browse/Criteria.inc
@@ -245,7 +245,7 @@ class BrowseCriterion {
 function searchSQL ($aRequest, $handle_not = true) {
 $val = null;
 if ($this->bString) {
- $val = array($this->getSearchTable() . "." . $this->getSearchField() . " LIKE '%!%'", array($aRequest[$this->getWidgetBase()]));
+ $val = array($this->getSearchTable() . "." . $this->getSearchField() . " LIKE '%!%'", array(DBUtil::escapeSimple($aRequest[$this->getWidgetBase()])));
 } else {
 $val = array($this->getSearchTable() . "." . $this->getSearchField() . " = ?", array($aRequest[$this->getWidgetBase()]));
 }
-- 
libgit2 0.21.4
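Review bot: The `bString` branch still splices the request value into the statement through what appears to be the raw `!` placeholder inside hand-written quotes, so its safety rests entirely on `DBUtil::escapeSimple()`, whose body is not visible here. Binding the value the way the `else` branch does would leave quoting to the database layer: `" LIKE ?", array('%' . $aRequest[$this->getWidgetBase()] . '%')`. Separately, if `escapeSimple()` only escapes string delimiters (an assumption to confirm), `%` and `_` in the request value still act as LIKE wildcards, so a literal-match search would also need something like `addcslashes($value, '%_\\')` applied before the value is bound. Neither branch checks that the `getWidgetBase()` key is present in `$aRequest`, and `searchSQL` continues past the end of this hunk, so any later handling is not visible.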