]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 623d349)
Correctly escape the paths so we only display favorites instead of wildcards
authorJoas Schilling <nickvergessen@owncloud.com>
Fri, 13 Nov 2015 09:33:33 +0000 (10:33 +0100)
committerJoas Schilling <nickvergessen@owncloud.com>
Mon, 30 Nov 2015 16:12:48 +0000 (17:12 +0100)
apps/files/lib/activity.php patch | blob | history

diff --git a/apps/files/lib/activity.php b/apps/files/lib/activity.php
index d473120b31fc946ad13c39187c93f4f2b0ab2b48..c171b3bfabf160ba2bc612920e1b7f28255efcaa 100644 (file)
--- a/apps/files/lib/activity.php
+++ b/apps/files/lib/activity.php
@@ -391,7 +391,7 @@ class Activity implements IExtension {
                        }
                        foreach ($favorites['folders'] as $favorite) {
                                $fileQueryList[] = '`file` LIKE ?';
-                               $parameters[] = $favorite . '/%';
+                               $parameters[] = \OC::$server->getDatabaseConnection()->escapeLikeParameter($favorite) . '/%';
                        }
 
                        return [
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server