Bug #14679

closed

tslib_cObj->searchWhere does not escape SQL-LIKE-wildcards

Added by Martin Kutschker over 19 years ago. Updated over 18 years ago.

Status: Closed
Priority: Should have
Category: Frontend
Target version: -
Start date: 2005-04-18
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 3.8.0
PHP Version: 4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

As the function expects user input it must escape _ and %.

Escaping is probably DB dependent so the fix could go into t3lib_db. Either as quoteStrForLike() or as a third and optional parameter to quoteStr().

(issue imported from #M990)


Files

class.tslib_content.990.patch (660 Bytes) Administrator Admin, 2005-05-19 18:33

#1

Updated by Karsten Dambekalns over 19 years ago

The attached tiny patch fixes this in searchWhere itself.

This could go in quoteStr as pointed out - do we want this? Should this be done always, or on request?

#2

Updated by Martin Kutschker over 19 years ago

In quoteStr only on request as we don't know whether the string is used in a LIKE comparison. But personally I prefer quoteStrForLike().

#3

Updated by Karsten Dambekalns almost 19 years ago

Has been fixed by Martin 2005-01-05.
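
The behaviour this issue describes, as an added example that is not part of the original thread and not TYPO3 code: a search term is bound safely as a value, yet `%` and `_` still act as LIKE wildcards until they are escaped. It uses Python's `sqlite3` so it runs offline; `escape_like`, `search`, `make_db` and the `pages` table are hypothetical names, and the rows are constructed sample data. SQLite has no default LIKE escape character, so the query names one with `ESCAPE`, which illustrates why the escaping is database dependent.

```python
import sqlite3

ESC = "\\"  # escape character chosen for this example (assumption)

def escape_like(term, escape_char=ESC):
    """Make `term` match literally inside a LIKE pattern.

    The escape character itself is escaped first so that the
    backslashes added for % and _ are not doubled afterwards.
    """
    for ch in (escape_char, "%", "_"):
        term = term.replace(ch, escape_char + ch)
    return term

def search(conn, term, escape=True):
    """Return titles containing `term`; escape=False is the behaviour reported."""
    if escape:
        pattern = "%" + escape_like(term) + "%"
        sql = "SELECT title FROM pages WHERE title LIKE ? ESCAPE '\\' ORDER BY title"
    else:
        # Value is bound safely, but user-supplied % and _ remain wildcards.
        pattern = "%" + term + "%"
        sql = "SELECT title FROM pages WHERE title LIKE ? ORDER BY title"
    return [row[0] for row in conn.execute(sql, (pattern,))]

def make_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (title TEXT)")
    conn.executemany(
        "INSERT INTO pages VALUES (?)",
        [("100% cotton",), ("file_name.txt",), ("file-name.txt",), ("Contact",)],
    )
    return conn

if __name__ == "__main__":
    db = make_db()
    for term in ("%", "_", "file_name"):
        print(repr(term), "unescaped:", search(db, term, escape=False))
        print(repr(term), "escaped:  ", search(db, term, escape=True))
```
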
