summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorRoeland Jago Douma <rullzer@users.noreply.github.com>2017-03-17 08:53:10 +0100
committerGitHub <noreply@github.com>2017-03-17 08:53:10 +0100
commit51846c95d99f1f4b134a335db795df9bcafe4fbe (patch)
treee9ac161389f638e770a1ee4f3fb3570f407e2820 /lib
parent9915aa6d9c5f5cf4ebac0b6bc0df0c16ca215c70 (diff)
parentd134dea50897382021fb78661edaab483fdfff73 (diff)
downloadnextcloud-server-51846c95d99f1f4b134a335db795df9bcafe4fbe.tar.gz
nextcloud-server-51846c95d99f1f4b134a335db795df9bcafe4fbe.zip
Merge pull request #3856 from nextcloud/escape-likes-in-database-user-backend
Escape like parameters in database user backend
Diffstat (limited to 'lib')
-rw-r--r--lib/private/User/Database.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
index a281572ad55..060953c3009 100644
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@@ -185,8 +185,8 @@ class Database extends Backend implements IUserBackend {
$parameters = [];
$searchLike = '';
if ($search !== '') {
- $parameters[] = '%' . $search . '%';
- $parameters[] = '%' . $search . '%';
+ $parameters[] = '%' . \OC::$server->getDatabaseConnection()->escapeLikeParameter($search) . '%';
+ $parameters[] = '%' . \OC::$server->getDatabaseConnection()->escapeLikeParameter($search) . '%';
$searchLike = ' WHERE LOWER(`displayname`) LIKE LOWER(?) OR '
. 'LOWER(`uid`) LIKE LOWER(?)';
}
@@ -275,7 +275,7 @@ class Database extends Backend implements IUserBackend {
$parameters = [];
$searchLike = '';
if ($search !== '') {
- $parameters[] = '%' . $search . '%';
+ $parameters[] = '%' . \OC::$server->getDatabaseConnection()->escapeLikeParameter($search) . '%';
$searchLike = ' WHERE LOWER(`uid`) LIKE LOWER(?)';
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-10 21:15:28 +0000