authorBharat Mediratta <bharat@menalto.com>2013-01-25 09:09:38 -0800
committerBharat Mediratta <bharat@menalto.com>2013-01-25 09:09:38 -0800
commit98e709220a4636ecec05ebf6a15a8a564400be0a (patch)
treed8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/g2_import/controllers/g2.php
parent4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff)
parent48bd19808c38a8de20cfece1adc1ffe226da3783 (diff)
Merge pull request #100 from shadlaws/fix_1956
#1956 - Escape LIKE queries (for _ and %).
Diffstat (limited to 'modules/g2_import/controllers/g2.php')
-rw-r--r--modules/g2_import/controllers/g2.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/g2_import/controllers/g2.php b/modules/g2_import/controllers/g2.php
index 5a76940e..0645266b 100644
--- a/modules/g2_import/controllers/g2.php
+++ b/modules/g2_import/controllers/g2.php
@@ -49,7 +49,7 @@ class G2_Controller extends Controller {
if ($view == "core.DownloadItem") {
$where[] = array("resource_type", "IN", array("file", "resize", "thumbnail", "full"));
} else if ($view) {
- $where[] = array("g2_url", "like", "%g2_view=$view%");
+ $where[] = array("g2_url", "LIKE", "%" . Database::escape_for_like("g2_view=$view") . "%");
} // else: Assuming that the first search hit is sufficiently good.
} else if ($path) {
$where = array(array("g2_url", "IN", array($path, str_replace(" ", "+", $path))));
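Review bot: On the added `LIKE` line, the literal match now rests entirely on `Database::escape_for_like()`, which is defined outside this hunk; confirm that it escapes the escape character itself (backslash under MySQL's default) as well as `_` and `%`, otherwise a `$view` containing a backslash could still change how the pattern is read. The helper's name suggests it only neutralises LIKE wildcards, so SQL quoting of the value is presumably left to the query builder that consumes `$where`; a comment above the line would record that split, e.g. `// $view may be caller-controlled: escape_for_like() makes _ and % literal, SQL quoting is done by the query builder`. A regression test with a `$view` containing `_`, `%` and `\` would pin the behaviour. The enclosing method starts and ends outside the hunk.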