[master] Use paramterized parameter for \OC\SystemTag\SystemTagManager

$nameSearchPattern was passed in and directly appended to the SQL query. Luckily the code path isn't reached anywhere in Nextcloud or the included apps.
author: Lukas Reschke <lukas@owncloud.com> 2016-07-03 16:54:41 +0200
committer: Lukas Reschke <lukas@owncloud.com> 2016-07-03 16:54:41 +0200
commit: dc5fea504b195cf1e36f9a129d1f77ce7c91de13 (patch)
tree: 57e7e988ac66ccdf7223f6d8408edaa06e9b735c /lib/private
parent: 5b4cea4b366e9420a70cad4b817c1594da2ad0fe (diff)
download: nextcloud-server-dc5fea504b195cf1e36f9a129d1f77ce7c91de13.tar.gz
nextcloud-server-dc5fea504b195cf1e36f9a129d1f77ce7c91de13.zip
1 files changed, 1 insertions, 4 deletions
diff --git a/lib/private/SystemTag/SystemTagManager.php b/lib/private/SystemTag/SystemTagManager.php
index 2b0ef03e471..3e32582025f 100644
--- a/lib/private/SystemTag/SystemTagManager.php
+++ b/lib/private/SystemTag/SystemTagManager.php
@@ -140,10 +140,7 @@ class SystemTagManager implements ISystemTagManager {
 
 		if (!empty($nameSearchPattern)) {
 			$query->andWhere(
-				$query->expr()->like(
-					'name',
-					$query->expr()->literal('%' . $this->connection->escapeLikeParameter($nameSearchPattern). '%')
-				)
+				$query->expr()->like('name', $query->createNamedParameter('%' . $this->connection->escapeLikeParameter($nameSearchPattern) . '%'))
 			);
 		}
author	Lukas Reschke <lukas@owncloud.com>	2016-07-03 16:54:41 +0200
committer	Lukas Reschke <lukas@owncloud.com>	2016-07-03 16:54:41 +0200
commit	dc5fea504b195cf1e36f9a129d1f77ce7c91de13 (patch)
tree	57e7e988ac66ccdf7223f6d8408edaa06e9b735c /lib/private
parent	5b4cea4b366e9420a70cad4b817c1594da2ad0fe (diff)
download	nextcloud-server-dc5fea504b195cf1e36f9a129d1f77ce7c91de13.tar.gz nextcloud-server-dc5fea504b195cf1e36f9a129d1f77ce7c91de13.zip