Merge pull request #100 from shadlaws/fix_1956

#1956 - Escape LIKE queries (for _ and %).
author: Bharat Mediratta <bharat@menalto.com> 2013-01-25 09:09:38 -0800
committer: Bharat Mediratta <bharat@menalto.com> 2013-01-25 09:09:38 -0800
commit: 98e709220a4636ecec05ebf6a15a8a564400be0a (patch)
tree: d8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/tag
parent: 4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff)
parent: 48bd19808c38a8de20cfece1adc1ffe226da3783 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php
index 77ad7f50..77d45a95 100644
--- a/modules/tag/controllers/tags.php
+++ b/modules/tag/controllers/tags.php
@@ -52,7 +52,7 @@ class Tags_Controller extends Controller {
     $limit = Input::instance()->get("limit");
     $tag_part = ltrim(end($tag_parts));
     $tag_list = ORM::factory("tag")
-      ->where("name", "LIKE", "{$tag_part}%")
+      ->where("name", "LIKE", Database::escape_for_like($tag_part) . "%")
       ->order_by("name", "ASC")
       ->limit($limit)
       ->find_all();
author	Bharat Mediratta <bharat@menalto.com>	2013-01-25 09:09:38 -0800
committer	Bharat Mediratta <bharat@menalto.com>	2013-01-25 09:09:38 -0800
commit	98e709220a4636ecec05ebf6a15a8a564400be0a (patch)
tree	d8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/tag
parent	4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff)
parent	48bd19808c38a8de20cfece1adc1ffe226da3783 (diff)