upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 00:32:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Merge pull request #3856 from nextcloud/escape-likes-in-database-user-backend

Browse source 
Escape like parameters in database user backend
This commit is contained in:
Roeland Jago Douma 2017-03-17 08:53:10 +01:00 committed by GitHub
commit 51846c95d9
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/private/User/Database.php
View file

@ -185,8 +185,8 @@ class Database extends Backend implements IUserBackend {
$parameters = [];
$searchLike = '';
if ($search !== '') {
$parameters[] = '%' . $search . '%';
$parameters[] = '%' . $search . '%';
$parameters[] = '%' . \OC::$server->getDatabaseConnection()->escapeLikeParameter($search) . '%';
$parameters[] = '%' . \OC::$server->getDatabaseConnection()->escapeLikeParameter($search) . '%';
$searchLike = ' WHERE LOWER(`displayname`) LIKE LOWER(?) OR '
. 'LOWER(`uid`) LIKE LOWER(?)';
}
@ -275,7 +275,7 @@ class Database extends Backend implements IUserBackend {
$parameters = [];
$searchLike = '';
if ($search !== '') {
$parameters[] = '%' . $search . '%';
$parameters[] = '%' . \OC::$server->getDatabaseConnection()->escapeLikeParameter($search) . '%';
$searchLike = ' WHERE LOWER(`uid`) LIKE LOWER(?)';
}