From 7c0de08cc44e0b04f23d6f3fa2d6030991935c54 Mon Sep 17 00:00:00 2001
From: Aaron Wood
Date: Wed, 20 Jul 2016 08:20:45 -0400
Subject: Escape special characters (#25429)
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Use correct method in the AbstractMapping class
* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches
* Don't escape hardcoded wildcard
---
 apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'apps/dav')
diff --git a/apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php b/apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php
index d0d348e170e..b319350c7f0 100644
--- a/apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php
+++ b/apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php
@@ -327,7 +327,7 @@ class CustomPropertiesBackend implements BackendInterface {
 $result = $this->connection->executeQuery(
 $sql,
- array($this->user, rtrim($path, '/') . '/%', $requestedProperties),
+ array($this->user, $this->connection->escapeLikeParameter(rtrim($path, '/')) . '/%', $requestedProperties),
 array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY)
 );
--
cgit v1.2.3
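Review bot: The escaped prefix in the second bound parameter only behaves as intended if the LIKE clause in `$sql` honours the escape character that `escapeLikeParameter()` emits on every supported database, and `$sql` is built outside this hunk (the enclosing method starts and ends outside it), so that cannot be confirmed from here. If a backend does not treat that character as an escape by default, a path containing `%` or `_` may stop matching its own children instead of over-matching, so it is worth checking that the statement or the connection layer supplies a matching `ESCAPE` clause. A one-line comment above the parameter array would record the intent, for example `// escape % and _ in $path so the pattern matches only this path's children; the trailing '/%' is the intended wildcard`. A regression test using a folder name that contains `_` or `%` would pin the behaviour; this view is limited to 'apps/dav', so such a test may already exist elsewhere in the commit.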