Fixed bug #15642: Wrong order of quote and escape in LIKE DB clause (Thanks to Marcus...
authorSteffen Gebert <steffen.gebert@typo3.org>
Fri, 24 Sep 2010 15:37:22 +0000 (15:37 +0000)
committerSteffen Gebert <steffen.gebert@typo3.org>
Fri, 24 Sep 2010 15:37:22 +0000 (15:37 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-4@8875 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/mod/tools/em/class.em_xmlhandler.php

index 5f9c8ec..1f6a043 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 2010-09-24  Steffen Gebert  <steffen@steffen-gebert.de>
 
        * Fixed bug #15373: Page browser single table list view: Entering page number doesn't work
+       * Fixed bug #15642: Wrong order of quote and escape in LIKE DB clause (Thanks to Marcus Krause)
 
 2010-09-24  Ernesto Baschny  <ernst@cron-it.de>
 
index c3032e8..4adee15 100644 (file)
@@ -73,8 +73,8 @@ class SC_mod_tools_em_xmlhandler {
                if ($search && $exactMatch)     {
                        $where.= ' AND extkey=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($search, 'cache_extensions');
                } elseif ($search) {
-                       $quotedSearch = $GLOBALS['TYPO3_DB']->quoteStr(
-                               $GLOBALS['TYPO3_DB']->escapeStrForLike($search, 'cache_extensions'),
+                       $quotedSearch = $GLOBALS['TYPO3_DB']->escapeStrForLike(
+                               $GLOBALS['TYPO3_DB']->quoteStr($search, 'cache_extensions'),
                                'cache_extensions'
                        );
                        $where .= ' AND (extkey LIKE \'%' . $quotedSearch . '%\' OR title LIKE \'%' . $quotedSearch . '%\')';