authorLukas Reschke <lukas@statuscode.ch>2017-03-15 22:46:40 +0100
committerLukas Reschke <lukas@statuscode.ch>2017-03-15 22:46:40 +0100
commit085891a15d1ee7761d3a90df3fd0242249dcea18 (patch)
tree32ccf8e4ae2078cb236b81755c50d4965c5426e1 /lib/private/User
parent93c9a06761eed2e4e842914d062ae02e8ecc73b3 (diff)
Escape like parameters in database user backend
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/private/User')
-rw-r--r--lib/private/User/Database.php10
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
index a281572ad55..b1795d27e93 100644
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@@ -68,6 +68,9 @@ class Database extends Backend implements IUserBackend {
/** @var EventDispatcher */
private $eventDispatcher;
+ /** @var \OCP\IDBConnection */
+ private $connection;
+
/**
* \OC\User\Database constructor.
*
@@ -76,6 +79,7 @@ class Database extends Backend implements IUserBackend {
public function __construct($eventDispatcher = null) {
$this->cache = new CappedMemoryCache();
$this->eventDispatcher = $eventDispatcher ? $eventDispatcher : \OC::$server->getEventDispatcher();
+ $this->connection = \OC::$server->getDatabaseConnection();
}
/**
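Review bot: The new line `$this->connection = \OC::$server->getDatabaseConnection();` hard-wires the database connection through the static service locator, while the same constructor already accepts `$eventDispatcher` as an optional argument for testability; the connection could follow the same pattern so the escaping added later in this commit can be covered by a unit test with a fake connection. A backward-compatible form would be `public function __construct($eventDispatcher = null, $connection = null) {` with `$this->connection = $connection ? $connection : \OC::$server->getDatabaseConnection();`. The constructor's docblock starts in the previous hunk and would need a matching `@param \OCP\IDBConnection|null $connection` entry.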
@@ -185,8 +189,8 @@ class Database extends Backend implements IUserBackend {
$parameters = [];
$searchLike = '';
if ($search !== '') {
- $parameters[] = '%' . $search . '%';
- $parameters[] = '%' . $search . '%';
+ $parameters[] = '%' . $this->connection->escapeLikeParameter($search) . '%';
+ $parameters[] = '%' . $this->connection->escapeLikeParameter($search) . '%';
$searchLike = ' WHERE LOWER(`displayname`) LIKE LOWER(?) OR '
. 'LOWER(`uid`) LIKE LOWER(?)';
}
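Review bot: The escaped value is bound into `LOWER(`displayname`) LIKE LOWER(?)` without an `ESCAPE` clause, so whether the escaping is honoured depends on the database's default LIKE escape character matching the one `escapeLikeParameter()` uses; this is presumably fine for MySQL and PostgreSQL but worth confirming for SQLite and Oracle, where a default escape character is not guaranteed, or else adding an explicit `ESCAPE` to the two LIKE clauses. The same applies to the hunk at line 279 below. Separately, the identical escaped string is built twice here; computing it once, `$escaped = '%' . $this->connection->escapeLikeParameter($search) . '%';`, then appending `$escaped` twice, keeps the two placeholders from drifting apart. The enclosing method starts and ends outside this hunk.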
@@ -275,7 +279,7 @@ class Database extends Backend implements IUserBackend {
$parameters = [];
$searchLike = '';
if ($search !== '') {
- $parameters[] = '%' . $search . '%';
+ $parameters[] = '%' . $this->connection->escapeLikeParameter($search) . '%';
$searchLike = ' WHERE LOWER(`uid`) LIKE LOWER(?)';
}