Merge pull request #100 from shadlaws/fix_1956

#1956 - Escape LIKE queries (for _ and %).
author: Bharat Mediratta <bharat@menalto.com> 2013-01-25 09:09:38 -0800
committer: Bharat Mediratta <bharat@menalto.com> 2013-01-25 09:09:38 -0800
commit: 98e709220a4636ecec05ebf6a15a8a564400be0a (patch)
tree: d8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/gallery/helpers
parent: 4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff)
parent: 48bd19808c38a8de20cfece1adc1ffe226da3783 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php
index 10799567..efeba2ef 100644
--- a/modules/gallery/helpers/item_rest.php
+++ b/modules/gallery/helpers/item_rest.php
@@ -64,7 +64,7 @@ class item_rest_Core {
     }
 
     if (isset($p->name)) {
-      $orm->where("name", "LIKE", "%{$p->name}%");
+      $orm->where("name", "LIKE", "%" . Database::escape_for_like($p->name) . "%");
     }
 
     if (isset($p->type)) {
author	Bharat Mediratta <bharat@menalto.com>	2013-01-25 09:09:38 -0800
committer	Bharat Mediratta <bharat@menalto.com>	2013-01-25 09:09:38 -0800
commit	98e709220a4636ecec05ebf6a15a8a564400be0a (patch)
tree	d8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/gallery/helpers
parent	4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff)
parent	48bd19808c38a8de20cfece1adc1ffe226da3783 (diff)