From 514c994e6a323cd8075da1442c32e65f036539ff Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 29 May 2012 17:14:35 -0700
Subject: possible sql injection in search

---
 include/api.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include/api.php')

diff --git a/include/api.php b/include/api.php
index 5697fbdbc..5c17b35f5 100644
--- a/include/api.php
+++ b/include/api.php
@@ -995,8 +995,8 @@
                 else
                         $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
                                 dbesc(protect_sprintf('%' . $myurl)),
-                                dbesc(protect_sprintf('%' . $myurl . '\\]%')),
-                                dbesc(protect_sprintf('%' . $diasp_url . '\\]%'))
+                                dbesc(protect_sprintf('%' . $myurl . ']%')),
+                                dbesc(protect_sprintf('%' . $diasp_url . ']%'))
                         );
 
 		if ($max_id > 0)
-- 
cgit v1.2.3