fix: Escape like strings

2025-08-06 16:36:47 +02:00 · 2021-08-29 11:57:00 +01:00
parent da94488f7b
commit c5272b330c
2 changed files with 7 additions and 1 deletions
--- a/src/User/Search/Gambit/FulltextGambit.php
+++ b/src/User/Search/Gambit/FulltextGambit.php
@@ -34,6 +34,8 @@ class FulltextGambit implements GambitInterface
     */
    private function getUserSearchSubQuery($searchValue)
    {
+        $searchValue = $this->users->escapeLikeString($searchValue);
+
        return $this->users
            ->query()
            ->select('id')
--- a/src/User/UserRepository.php
+++ b/src/User/UserRepository.php
@@ -102,6 +102,8 @@ class UserRepository
     * @param string $string
     * @param User|null $actor
     * @return array
+     *
+     * @deprecated remove in 2.0 (no longer used since https://github.com/flarum/core/pull/1878)
     */
    public function getIdsForUsername($string, User $actor = null)
    {
@@ -135,8 +137,10 @@ class UserRepository
     *
     * @param string $string
     * @return string
+     *
+     * @internal
     */
-    private function escapeLikeString($string)
+    public function escapeLikeString($string)
    {
        return str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], $string);
    }