Browse Source

escape % in file_tag_query as it is ultimately embedded in a sprintf

pull/194/merge
friendica 9 years ago
parent
commit
0cf2e051bb
2 changed files with 5 additions and 1 deletions
  1. +1
    -1
      boot.php
  2. +4
    -0
      include/text.php

+ 1
- 1
boot.php View File

@ -9,7 +9,7 @@ require_once('include/nav.php');
require_once('include/cache.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica');
define ( 'FRIENDICA_VERSION', '2.3.1297' );
define ( 'FRIENDICA_VERSION', '2.3.1298' );
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1134 );


+ 4
- 0
include/text.php View File

@ -1306,6 +1306,10 @@ function file_tag_decode($s) {
}
function file_tag_file_query($table,$s,$type = 'file') {
// this is ultimately going into a vsprintf
$s = str_replace('%','%%',$s);
if($type == 'file')
$str = preg_quote( '[' . file_tag_encode($s) . ']' );
else


Loading…
Cancel
Save