Bug #2376 (closed): Improper LIKE escaping

Added by beat about 13 years ago. Updated about 13 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Start date: 08 March 2011
Due date:
% Done: 100%
Estimated time:

Description

tab.groupjive.php line 32 AND line 95 (and all other LIKE statements):

    $where[] = '( ' . $_CB_database->NameQuote( 'name' ) . ' LIKE ' . $_CB_database->Quote( '%' . $search . '%' ) . ' )';

is not escaped properly, e.g. for %.

This should be as of CB 1.4 API:

    $where[] = '( ' . $_CB_database->NameQuote( 'name' ) . ' LIKE ' . $_CB_database->Quote( '%' . $_CB_database->getEscaped( $search, true ) . '%', false ) . ' )';
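The defect above is not SQL injection in the usual sense: Quote() still wraps the term in quotes and escapes quote characters. What it misses is that the search term is spliced into a LIKE pattern, where % and _ are wildcards, so a user who types a bare % matches every row and _ matches any single character. The Python example below (added here; it is not Community Builder code and does not call the CB API) reproduces the issue against an in-memory SQLite table with a few constructed rows: `search_unescaped` mirrors the reported line, `search_escaped` mirrors the fix by escaping LIKE metacharacters in the user's term before it is placed between the outer % wildcards. `escape_like` is a hypothetical stand-in for what getEscaped($search, true) is meant to do; SQLite needs an explicit ESCAPE clause, whereas MySQL treats backslash as the LIKE escape character by default.

```python
import sqlite3

# Constructed sample rows for this demonstration (not data from the bug report).
SAMPLE_NAMES = ["Alpha Team", "Beta_Group", "100% Club", "Gamma"]


def escape_like(value, escape_char="\\"):
    """Escape the LIKE metacharacters '%' and '_' (and the escape character
    itself) so the user's term is matched literally inside a LIKE pattern.
    Hypothetical helper standing in for getEscaped($search, true)."""
    return (
        value.replace(escape_char, escape_char + escape_char)
        .replace("%", escape_char + "%")
        .replace("_", escape_char + "_")
    )


def _connect():
    """Build a throwaway in-memory table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE groups (name TEXT)")
    conn.executemany("INSERT INTO groups VALUES (?)", [(n,) for n in SAMPLE_NAMES])
    return conn


def search_unescaped(search):
    """Mirrors the reported line: the term is bound as a string (so no SQL
    injection), but any '%' or '_' inside it still acts as a wildcard."""
    conn = _connect()
    rows = conn.execute(
        "SELECT name FROM groups WHERE name LIKE ? ORDER BY name",
        ("%" + search + "%",),
    ).fetchall()
    return [r[0] for r in rows]


def search_escaped(search):
    """Mirrors the fix: LIKE metacharacters in the user's term are escaped and
    the ESCAPE clause tells SQLite which character was used."""
    conn = _connect()
    rows = conn.execute(
        "SELECT name FROM groups WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        ("%" + escape_like(search) + "%",),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    # A bare '%' matches every row unescaped, only the literal '%' once escaped.
    print(search_unescaped("%"))
    print(search_escaped("%"))
```

Running the block shows the symptom the report describes: `search_unescaped("%")` returns all four rows, while `search_escaped("%")` returns only "100% Club". The same applies to `_`, which otherwise lets a term like "a_T" match "Alpha Team" through the space.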