From 0c5ba4573aecc9eaed669e9431a70a5d9f184b8d Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Tue, 4 Nov 2014 11:37:15 -0500
Subject: fix session API broken and SQL pretection
---
 models/repo.go | 2 +-
 models/user.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'models')
diff --git a/models/repo.go b/models/repo.go
index 888dea1ea6..37cc7eabf5 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -1161,7 +1161,7 @@ func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) {
 if !opt.Private {
 sess.And("is_private=false")
 }
- sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos)
+ sess.And("lower_name like ?", "%"+opt.Keyword+"%").Find(&repos)
 return repos, err
 }
diff --git a/models/user.go b/models/user.go
index ce85008ba4..e7e6ed409f 100644
--- a/models/user.go
+++ b/models/user.go
@@ -581,7 +581,7 @@ func SearchUserByName(opt SearchOption) (us []*User, err error) {
 opt.Keyword = strings.ToLower(opt.Keyword)
 us = make([]*User, 0, opt.Limit)
- err = x.Limit(opt.Limit).Where("type=0").And("lower_name like '%" + opt.Keyword + "%'").Find(&us)
+ err = x.Limit(opt.Limit).Where("type=0").And("lower_name like ?", "%"+opt.Keyword+"%").Find(&us)
 return us, err
 }
--
cgit v1.2.3
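Review bot: In the models/repo.go hunk the value returned by `Find(&repos)` is thrown away, so a failed query is invisible to the caller: `return repos, err` hands back whatever `err` held before this statement. Assign it the way the SearchUserByName hunk already does, `err = sess.And("lower_name like ?", "%"+opt.Keyword+"%").Find(&repos)`. SearchRepositoryByName begins above the hunk, so whether `err` is set earlier cannot be seen here.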
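Review bot: Binding the keyword as a parameter closes the injection, but `%` and `_` inside `opt.Keyword` are still interpreted as LIKE wildcards in the models/user.go hunk, and the same holds for the SearchRepositoryByName hunk in models/repo.go. A caller-supplied keyword of `%` therefore matches every name rather than names containing a percent sign. If literal matching is intended, escape the pattern before binding, for example `kw := strings.NewReplacer("!", "!!", "%", "!%", "_", "!_").Replace(opt.Keyword)` with `And("lower_name like ? escape '!'", "%"+kw+"%")`. Both function bodies start outside their hunks, so any earlier filtering of the keyword is not visible.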