fix session API broken and SQL pretection

author: Unknwon <joe2010xtmf@163.com> 2014-11-04 11:37:15 -0500
committer: Unknwon <joe2010xtmf@163.com> 2014-11-04 11:37:15 -0500
commit: 0c5ba4573aecc9eaed669e9431a70a5d9f184b8d (patch)
tree: aaca06a83f8c6d827a728a9a672d53b7d2187464 /models/user.go
parent: 69a98236bdab4345c8b397a5a91f5e5abf745b42 (diff)
download: gitea-0c5ba4573aecc9eaed669e9431a70a5d9f184b8d.tar.gz
gitea-0c5ba4573aecc9eaed669e9431a70a5d9f184b8d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/models/user.go b/models/user.go
index ce85008ba4..e7e6ed409f 100644
--- a/models/user.go
+++ b/models/user.go
@@ -581,7 +581,7 @@ func SearchUserByName(opt SearchOption) (us []*User, err error) {
 	opt.Keyword = strings.ToLower(opt.Keyword)
 
 	us = make([]*User, 0, opt.Limit)
-	err = x.Limit(opt.Limit).Where("type=0").And("lower_name like '%" + opt.Keyword + "%'").Find(&us)
+	err = x.Limit(opt.Limit).Where("type=0").And("lower_name like ?", "%"+opt.Keyword+"%").Find(&us)
 	return us, err
 }
author	Unknwon <joe2010xtmf@163.com>	2014-11-04 11:37:15 -0500
committer	Unknwon <joe2010xtmf@163.com>	2014-11-04 11:37:15 -0500
commit	0c5ba4573aecc9eaed669e9431a70a5d9f184b8d (patch)
tree	aaca06a83f8c6d827a728a9a672d53b7d2187464 /models/user.go
parent	69a98236bdab4345c8b397a5a91f5e5abf745b42 (diff)
download	gitea-0c5ba4573aecc9eaed669e9431a70a5d9f184b8d.tar.gz gitea-0c5ba4573aecc9eaed669e9431a70a5d9f184b8d.zip