aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Acl.php
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-01-12 13:05:36 -0800
committerzotlabs <mike@macgirvin.com>2017-01-12 13:05:36 -0800
commit9fb8661eef778c89661396810567655c252b57e9 (patch)
tree6d0a2c5c86d96cf7ee366fcdb563133aae17cf33 /Zotlabs/Module/Acl.php
parent91b81d6a2c25bc6c2c3cc84db78d6e5fc9d6022a (diff)
downloadvolse-hubzilla-9fb8661eef778c89661396810567655c252b57e9.tar.gz
volse-hubzilla-9fb8661eef778c89661396810567655c252b57e9.tar.bz2
volse-hubzilla-9fb8661eef778c89661396810567655c252b57e9.zip
missing protect_sprintf which is the source of issue #642 - if a mention search contains % it will result in an SQL vsprintf error
Diffstat (limited to 'Zotlabs/Module/Acl.php')
-rw-r--r--Zotlabs/Module/Acl.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index 29c1e5280..2b364d9ac 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -87,8 +87,8 @@ class Acl extends \Zotlabs\Web\Controller {
$order_extra2 = "CASE WHEN xchan_name LIKE "
. protect_sprintf( "'%" . dbesc($search) . "%'" )
- . " then POSITION('" . dbesc($search)
- . "' IN xchan_name) else position('" . dbesc($search) . "' IN xchan_addr) end, ";
+ . " then POSITION('" . protect_sprintf(dbesc($search))
+ . "' IN xchan_name) else position('" . protect_sprintf(dbesc($search)) . "' IN xchan_addr) end, ";
$col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
$sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";