[BUGFIX] Escape search strings for LIKE in DatabaseConnection::searchQuery 99/42899/2
authorMorton Jonuschat <m.jonuschat@mojocode.de>
Fri, 28 Aug 2015 06:43:28 +0000 (08:43 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Wed, 9 Sep 2015 10:28:25 +0000 (12:28 +0200)
commit534c8ff267bd4e4b33c2a88784b30764cea9bc4b
tree01237a0e4b9c812cfac70283070048bf3a164ad1
parent6bb7938175f9775ef4f054304bd9455990aa96b5
[BUGFIX] Escape search strings for LIKE in DatabaseConnection::searchQuery

LIKE queries support special placeholders (_ and %). These characters
need proper escaping before being used in database queries. Use the
escapeStrForLike() method to provide properly escaped strings to the
query.

Resolves: #69241
Releases: master
Change-Id: I92316e5a8c6c410307e2a332e73189ef9f9fddd2
Reviewed-on: http://review.typo3.org/42899
Reviewed-by: Alexander Opitz <opitz.alexander@googlemail.com>
Tested-by: Alexander Opitz <opitz.alexander@googlemail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/core/Classes/Database/DatabaseConnection.php
typo3/sysext/core/Tests/Unit/Database/DatabaseConnectionTest.php