
Escape string used in LIKE query

This commit is contained in:
Toby Zerner
2018-06-15 19:19:43 +09:30
parent c498e68530
commit 569e6c9a92


@@ -90,6 +90,8 @@ class UserRepository
*/ */
public function getIdsForUsername($string, User $actor = null) public function getIdsForUsername($string, User $actor = null)
{ {
$string = $this->escapeLikeString($string);
$query = User::where('username', 'like', '%'.$string.'%') $query = User::where('username', 'like', '%'.$string.'%')
->orderByRaw('username = ? desc', [$string]) ->orderByRaw('username = ? desc', [$string])
->orderByRaw('username like ? desc', [$string.'%']); ->orderByRaw('username like ? desc', [$string.'%']);
@@ -112,4 +114,15 @@ class UserRepository
return $query; return $query;
} }
/**
* Escape special characters that can be used as wildcards in a LIKE query.
*
* @param string $string
* @return string
*/
private function escapeLikeString($string)
{
return str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], $string);
}
} }
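Review bot: The escaped value is also fed into the exact-match ordering clause `orderByRaw('username = ? desc', [$string])`, so a username that itself contains `_`, `%` or `\` (e.g. `john_doe`) is compared against `john\_doe` and never gets the "exact match first" ranking the clause is meant to give; the LIKE escaping is only correct for the two `like` patterns. Keep the raw input for the equality comparison and use the escaped form only in the wildcard patterns: `$escaped = $this->escapeLikeString($string);` / `$query = User::where('username', 'like', '%'.$escaped.'%')` / `->orderByRaw('username like ? desc', [$escaped.'%']);` with the `username = ?` line left bound to `$string`. The body of getIdsForUsername continues past the first hunk, so any later use of `$string` there should be checked the same way. escapeLikeString assumes backslash is the LIKE escape character, which is the MySQL default but not guaranteed on every driver; a docblock line such as `Relies on the backend treating backslash as the LIKE escape character.` would make that dependency visible.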