mirror of https://github.com/flarum/core.git synced 2025-07-18 23:31:17 +02:00

Escape string used in LIKE query

Toby Zerner
2018-06-15 19:19:43 +09:30
parent 09528a38d0
commit bc092c48d4


@@ -90,6 +90,8 @@ class UserRepository
*/
public function getIdsForUsername($string, User $actor = null)
{
$string = $this->escapeLikeString($string);
$query = User::where('username', 'like', '%'.$string.'%')
->orderByRaw('username = ? desc', [$string])
->orderByRaw('username like ? desc', [$string.'%']);
@@ -112,4 +114,15 @@ class UserRepository
return $query;
}
/**
* Escape special characters that can be used as wildcards in a LIKE query.
*
* @param string $string
* @return string
*/
private function escapeLikeString($string)
{
return str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], $string);
}
}
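Review bot: In getIdsForUsername the escaped value is also bound to the exact-match ordering `orderByRaw('username = ? desc', [$string])`, so a search term containing `_`, `%` or `\` is compared in its escaped form and an exact username match is no longer ranked first. Keep the two forms apart: assign `$escaped = $this->escapeLikeString($string);`, use `$escaped` in the `where` pattern and in the `username like ?` binding, and leave the raw `$string` in the `username = ?` binding. escapeLikeString also relies on backslash being the database's default LIKE escape character, since no `ESCAPE` clause is added to the query; that holds for MySQL by default but should be confirmed for any other driver the project supports. The body of getIdsForUsername continues outside the hunk.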