escape % in file_tag_query as it is ultimately embedded in a sprintf

friendica 2012-03-31 14:48:35 -07:00
parent adebc2793e
commit 0cf2e051bb
2 changed files with 5 additions and 1 deletions


@ -9,7 +9,7 @@ require_once('include/nav.php');
require_once('include/cache.php'); require_once('include/cache.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica'); define ( 'FRIENDICA_PLATFORM', 'Friendica');
define ( 'FRIENDICA_VERSION', '2.3.1297' ); define ( 'FRIENDICA_VERSION', '2.3.1298' );
define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1134 ); define ( 'DB_UPDATE_VERSION', 1134 );


@ -1306,6 +1306,10 @@ function file_tag_decode($s) {
} }
function file_tag_file_query($table,$s,$type = 'file') { function file_tag_file_query($table,$s,$type = 'file') {
// this is ultimately going into a vsprintf
$s = str_replace('%','%%',$s);
if($type == 'file') if($type == 'file')
$str = preg_quote( '[' . file_tag_encode($s) . ']' ); $str = preg_quote( '[' . file_tag_encode($s) . ']' );
else else
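Review bot: The `%` doubling at the top of `file_tag_file_query` runs before `file_tag_encode()` and `preg_quote()`, so it only neutralises percent signs already present in `$s`; any `%` added by those later steps would still reach the vsprintf the comment mentions. `file_tag_encode()` is not shown here, but if it emits percent-encoded sequences (for example for brackets), a tag containing such a character would still be read as a format directive. Escaping the finished pattern instead, `$str = str_replace('%','%%',$str);` placed after the if/else, would cover both cases. A sturdier shape is to pass the value as a vsprintf argument rather than embedding it in the format string, since `$s` looks caller-supplied. The function body continues past the end of this hunk, so how `$str` is SQL-escaped before it is used cannot be checked from here.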