Commit e329a3d4e9d441b59b2f1822bdc4bac74add8d24

Authored by Neil Blakey-Milner
1 parent 343ac691

KTS-1382: Escape contents of LIKE searches.


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6002 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 1 additions and 1 deletions
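--- a/lib/browse/Criteria.inc
+++ b/lib/browse/Criteria.inc
@@ -245,7 +245,7 @@ class BrowseCriterion {
 function searchSQL ($aRequest, $handle_not = true) {
 $val = null;
 if ($this->bString) {
-$val = array($this->getSearchTable() . "." . $this->getSearchField() . " LIKE '%!%'", array($aRequest[$this->getWidgetBase()]));
+$val = array($this->getSearchTable() . "." . $this->getSearchField() . " LIKE '%!%'", array(DBUtil::escapeSimple($aRequest[$this->getWidgetBase()])));
 } else {
 $val = array($this->getSearchTable() . "." . $this->getSearchField() . " = ?", array($aRequest[$this->getWidgetBase()]));
 }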
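Review bot: The added `DBUtil::escapeSimple` call on line 248 only addresses quote characters; `%` and `_` in the user-supplied value are still interpreted as LIKE wildcards, so a literal search for `50%` or `a_b` does not do what the user asked. The `else` branch on line 250 already hands the value through the `?` placeholder, which presumably lets the database layer quote it, so the same approach would make the manual escaping unnecessary here: `" LIKE ?", array('%' . $aRequest[$this->getWidgetBase()] . '%')` (assuming `!` is a raw and `?` a quoted substitution in this project's query layer — please confirm). If a literal match is intended, the wildcard characters also need escaping before the value is wrapped in `%`, and a one-line comment noting why the two branches use different placeholders would help the next reader. searchSQL's body continues outside the hunk.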