escape % in file_tag_query as it is ultimately embedded in a sprintf
This commit is contained in:
parent
adebc2793e
commit
0cf2e051bb
2 changed files with 5 additions and 1 deletions
2
boot.php
2
boot.php
|
@ -9,7 +9,7 @@ require_once('include/nav.php');
|
|||
require_once('include/cache.php');
|
||||
|
||||
define ( 'FRIENDICA_PLATFORM', 'Friendica');
|
||||
define ( 'FRIENDICA_VERSION', '2.3.1297' );
|
||||
define ( 'FRIENDICA_VERSION', '2.3.1298' );
|
||||
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
|
||||
define ( 'DB_UPDATE_VERSION', 1134 );
|
||||
|
||||
|
|
|
@ -1306,6 +1306,10 @@ function file_tag_decode($s) {
|
|||
}
|
||||
|
||||
function file_tag_file_query($table,$s,$type = 'file') {
|
||||
|
||||
// this is ultimately going into a vsprintf
|
||||
$s = str_replace('%','%%',$s);
|
||||
|
||||
if($type == 'file')
|
||||
$str = preg_quote( '[' . file_tag_encode($s) . ']' );
|
||||
else
|
||||
|
|
Loading…
Reference in a new issue