From 0cf2e051bbe98166e99025bc1f32a6e8e08a26f2 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 31 Mar 2012 14:48:35 -0700 Subject: [PATCH] escape % in file_tag_query as it is ultimately embedded in a sprintf --- boot.php | 2 +- include/text.php | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/boot.php b/boot.php index ec1ffbbf48..6309a5f9b0 100755 --- a/boot.php +++ b/boot.php @@ -9,7 +9,7 @@ require_once('include/nav.php'); require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); -define ( 'FRIENDICA_VERSION', '2.3.1297' ); +define ( 'FRIENDICA_VERSION', '2.3.1298' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DB_UPDATE_VERSION', 1134 ); diff --git a/include/text.php b/include/text.php index f758c37ee6..64f6f72a8c 100644 --- a/include/text.php +++ b/include/text.php @@ -1306,6 +1306,10 @@ function file_tag_decode($s) { } function file_tag_file_query($table,$s,$type = 'file') { + + // this is ultimately going into a vsprintf + $s = str_replace('%','%%',$s); + if($type == 'file') $str = preg_quote( '[' . file_tag_encode($s) . ']' ); else
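Review bot: The added `$s = str_replace('%','%%',$s);` runs before `file_tag_encode($s)`, so any `%` the encoder itself emits would still reach the later vsprintf unescaped. The encoder's body is not in this hunk, so this needs confirming, but a percent-style encoding of the bracket characters would have exactly that effect. Doubling the finished value instead, e.g. `$str = str_replace('%','%%',$str);` after the if/else, covers both the caller's input and anything the encoder adds. The else branch and the return statement lie outside the hunk, so the placement has to be checked against the full function. The comment could also state the contract, for example `// the returned fragment is used as part of a sprintf-style format string, so a literal % must be doubled`, because a caller that does not pass the fragment through vsprintf would end up with a literal `%%` in the regexp.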