]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8c95e46)
Properly escape underscore in db query 34569/head
authorCarl Schwan <carl@carlschwan.eu>
Thu, 13 Oct 2022 16:50:36 +0000 (18:50 +0200)
committerGitHub <noreply@github.com>
Thu, 13 Oct 2022 16:50:36 +0000 (18:50 +0200)
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
apps/user_status/lib/Db/UserStatusMapper.php patch | blob | history

diff --git a/apps/user_status/lib/Db/UserStatusMapper.php b/apps/user_status/lib/Db/UserStatusMapper.php
index cb7ad5392db830ecae047d08799071c6d348b231..d40c6a298605032a3c58544195b7125394500ce5 100644 (file)
--- a/apps/user_status/lib/Db/UserStatusMapper.php
+++ b/apps/user_status/lib/Db/UserStatusMapper.php
@@ -83,7 +83,7 @@ class UserStatusMapper extends QBMapper {
                                        $qb->expr()->isNotNull('custom_icon'),
                                        $qb->expr()->isNotNull('custom_message'),
                                ),
-                               $qb->expr()->notLike('user_id', $qb->createNamedParameter('\_%'))
+                               $qb->expr()->notLike('user_id', $qb->createNamedParameter($this->db->escapeLikeParameter('_') . '%'))
                        ));
 
                if ($limit !== null) {
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server