[stable9] Use paramterized parameter for \OC\SystemTag\SystemTagManager

$nameSearchPattern was passed in and directly appended to the SQL query. Luckily the code path isn't reached anywhere in Nextcloud or the included apps.
author: Lukas Reschke <lukas@owncloud.com> 2016-07-03 16:50:28 +0200
committer: Lukas Reschke <lukas@owncloud.com> 2016-07-03 16:50:28 +0200
commit: ce70ea3501c23a2ca12cf6480e25cdec7664d02f (patch)
tree: 515a8a8f2d2c03f8d7de5b83d065efbcf02fd761
parent: 531e69947fd5e98f34b30ad919d68f111d532f29 (diff)
download: nextcloud-server-ce70ea3501c23a2ca12cf6480e25cdec7664d02f.tar.gz
nextcloud-server-ce70ea3501c23a2ca12cf6480e25cdec7664d02f.zip
1 files changed, 1 insertions, 4 deletions
diff --git a/lib/private/systemtag/systemtagmanager.php b/lib/private/systemtag/systemtagmanager.php
index 76a60a91328..51e605cc2fb 100644
--- a/lib/private/systemtag/systemtagmanager.php
+++ b/lib/private/systemtag/systemtagmanager.php
@@ -124,10 +124,7 @@ class SystemTagManager implements ISystemTagManager {
 
 		if (!empty($nameSearchPattern)) {
 			$query->andWhere(
-				$query->expr()->like(
-					'name',
-					$query->expr()->literal('%' . $this->connection->escapeLikeParameter($nameSearchPattern). '%')
-				)
+				$query->expr()->like('name', $query->createNamedParameter('%' . $this->connection->escapeLikeParameter($nameSearchPattern) . '%'))
 			);
 		}
author	Lukas Reschke <lukas@owncloud.com>	2016-07-03 16:50:28 +0200
committer	Lukas Reschke <lukas@owncloud.com>	2016-07-03 16:50:28 +0200
commit	ce70ea3501c23a2ca12cf6480e25cdec7664d02f (patch)
tree	515a8a8f2d2c03f8d7de5b83d065efbcf02fd761
parent	531e69947fd5e98f34b30ad919d68f111d532f29 (diff)
download	nextcloud-server-ce70ea3501c23a2ca12cf6480e25cdec7664d02f.tar.gz nextcloud-server-ce70ea3501c23a2ca12cf6480e25cdec7664d02f.zip