Merge pull request #100 from shadlaws/fix_1956

#1956 - Escape LIKE queries (for _ and %).
author: Bharat Mediratta <bharat@menalto.com> 2013-01-25 09:09:38 -0800
committer: Bharat Mediratta <bharat@menalto.com> 2013-01-25 09:09:38 -0800
commit: 98e709220a4636ecec05ebf6a15a8a564400be0a (patch)
tree: d8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/gallery/libraries/drivers/Cache/Database.php
parent: 4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff)
parent: 48bd19808c38a8de20cfece1adc1ffe226da3783 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/gallery/libraries/drivers/Cache/Database.php b/modules/gallery/libraries/drivers/Cache/Database.php
index a7aae92c..8790d0e1 100644
--- a/modules/gallery/libraries/drivers/Cache/Database.php
+++ b/modules/gallery/libraries/drivers/Cache/Database.php
@@ -69,7 +69,7 @@ class Cache_Database_Driver extends Cache_Driver {
       ->select()
       ->from("caches");
     foreach ($tags as $tag) {
-      $db->where("tags", "LIKE", "%<$tag>%");
+      $db->where("tags", "LIKE", "%" . Database::escape_for_like("<$tag>") . "%");
     }
     $db_result = $db->execute();
 
@@ -139,7 +139,7 @@ class Cache_Database_Driver extends Cache_Driver {
       // Delete all caches
     } else if ($is_tag === true) {
       foreach ($keys as $tag) {
-        $db->where("tags", "LIKE", "%<$tag>%");
+        $db->where("tags", "LIKE", "%" . Database::escape_for_like("<$tag>") . "%");
       }
     } else {
       $db->where("key", "IN", $keys);
author	Bharat Mediratta <bharat@menalto.com>	2013-01-25 09:09:38 -0800
committer	Bharat Mediratta <bharat@menalto.com>	2013-01-25 09:09:38 -0800
commit	98e709220a4636ecec05ebf6a15a8a564400be0a (patch)
tree	d8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/gallery/libraries/drivers/Cache/Database.php
parent	4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff)
parent	48bd19808c38a8de20cfece1adc1ffe226da3783 (diff)