Project

General

Profile

Actions
Copy link

Bug #2376

closed

Improper LIKE escaping

Added by beat over 13 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
beat
Target version:
2.0
Start date:
08 March 2011
Due date:
% Done:

100%

Estimated time:

Description

tab.groupjive.php line 32 AND line 95 (and all other LIKE statements):

            $where[]            =    '( ' . $_CB_database->NameQuote( 'name' ) . ' LIKE ' . $_CB_database->Quote( '%' . $search . '%' ) . ' )';

is not escaped properly for e.g. %

This should be as of CB 1.4 API:

            $where[]            =    '( ' . $_CB_database->NameQuote( 'name' ) . ' LIKE ' . $_CB_database->Quote( '%' . $_CB_database->getEscaped( $search, true ) . '%', false ) . ' )';
Actions
Copy link
 #1

Updated by beat over 13 years ago

line 157 and 227 and others too

Actions
Copy link
 #2

Updated by krileon over 13 years ago

  • Status changed from New to Resolved
  • Assignee changed from krileon to beat
  • % Done changed from 0 to 100

Fixed with r1603

Actions
Copy link
 #3

Updated by krileon over 13 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF