diff options
author | friendica <info@friendica.com> | 2012-03-31 14:48:35 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2012-03-31 14:48:35 -0700 |
commit | 0cf2e051bbe98166e99025bc1f32a6e8e08a26f2 (patch) | |
tree | 7176ea3d692e21c58d0ab2730a3a98858e6e85f5 /include | |
parent | adebc2793e84344fca1700eb6af583a9a0abcb1a (diff) | |
download | volse-hubzilla-0cf2e051bbe98166e99025bc1f32a6e8e08a26f2.tar.gz volse-hubzilla-0cf2e051bbe98166e99025bc1f32a6e8e08a26f2.tar.bz2 volse-hubzilla-0cf2e051bbe98166e99025bc1f32a6e8e08a26f2.zip |
escape % in file_tag_query as it is ultimately embedded in a sprintf
Diffstat (limited to 'include')
-rw-r--r-- | include/text.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/text.php b/include/text.php index f758c37ee..64f6f72a8 100644 --- a/include/text.php +++ b/include/text.php @@ -1306,6 +1306,10 @@ function file_tag_decode($s) { } function file_tag_file_query($table,$s,$type = 'file') { + + // this is ultimately going into a vsprintf + $s = str_replace('%','%%',$s); + if($type == 'file') $str = preg_quote( '[' . file_tag_encode($s) . ']' ); else |