KTS-1382: Escape contents of LIKE searches.

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6002 c91229c3-7414-0410-bfa2-8a42b809f60b

KTS-1382: Escape contents of LIKE searches.
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6002 c91229c3-7414-0410-bfa2-8a42b809f60b
Neil Blakey-Milner
1 parent 343ac691
Showing 1 changed file with 1 additions and 1 deletions
lib/browse/Criteria.inc
@@ -245,7 +245,7 @@ class BrowseCriterion {
     function searchSQL ($aRequest, $handle_not = true) {
         $val = null;
         if ($this->bString) {
-            $val = array($this->getSearchTable() . "." . $this->getSearchField() . " LIKE '%!%'", array($aRequest[$this->getWidgetBase()]));
+            $val = array($this->getSearchTable() . "." .  $this->getSearchField() . " LIKE '%!%'", array(DBUtil::escapeSimple($aRequest[$this->getWidgetBase()])));
         } else {
             $val = array($this->getSearchTable() . "." . $this->getSearchField() . " = ?", array($aRequest[$this->getWidgetBase()]));
         }