mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-06 08:27:42 +02:00
Code Issues Releases Wiki Activity

fix: Escape like strings

Browse Source
This commit is contained in:
SychO9
2021-08-29 11:57:00 +01:00
parent da94488f7b
commit c5272b330c
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/User/Search/Gambit/FulltextGambit.php
View File

@@ -34,6 +34,8 @@ class FulltextGambit implements GambitInterface
*/ */
private function getUserSearchSubQuery($searchValue) private function getUserSearchSubQuery($searchValue)
{ {
$searchValue = $this->users->escapeLikeString($searchValue);
return $this->users return $this->users
->query() ->query()
->select('id') ->select('id')

6
src/User/UserRepository.php
View File

@@ -102,6 +102,8 @@ class UserRepository
* @param string $string * @param string $string
* @param User|null $actor * @param User|null $actor
* @return array * @return array
*
* @deprecated remove in 2.0 (no longer used since https://github.com/flarum/core/pull/1878)
*/ */
public function getIdsForUsername($string, User $actor = null) public function getIdsForUsername($string, User $actor = null)
{ {
@@ -135,8 +137,10 @@ class UserRepository
* *
* @param string $string * @param string $string
* @return string * @return string
*
* @internal
*/ */
private function escapeLikeString($string) public function escapeLikeString($string)
{ {
return str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], $string); return str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], $string);
} }