[BUGFIX] Return correct query part in ContentObjectRenderer::searchWhere 14/55914/2
author Georg Ringer <georg.ringer@gmail.com>
Tue, 27 Feb 2018 06:44:11 +0000 (07:44 +0100)
committer Christian Kuhn <lolli@schwarzbu.ch>
Wed, 28 Feb 2018 22:22:35 +0000 (23:22 +0100)
Avoid using a prepared statement to return the final query part.

Resolves: #84022
Releases: master, 8.7
Change-Id: I31c44172221962c1dbb3d97d02f6cfa61449d20a
Reviewed-on: https://review.typo3.org/55914
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Joerg Boesche <typo3@joergboesche.de>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Sven Juergens <typo3@blue-side.de>
Tested-by: Sven Juergens <typo3@blue-side.de>
Reviewed-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Tested-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php

index 5cbfeec..95d0423 100644 (file)
@@ -6332,10 +6332,7 @@ class ContentObjectRenderer
             $searchWord = $queryBuilder->escapeLikeWildcards($searchWord);
             foreach ($searchFields as $field) {
                 $searchWordConstraint->add(
-                    $queryBuilder->expr()->like(
-                        $prefixTableName . $field,
-                        $queryBuilder->createNamedParameter('%' . $searchWord . '%', \PDO::PARAM_STR)
-                    )
+                    $queryBuilder->expr()->like($prefixTableName . $field, $queryBuilder->quote('%' . $searchWord . '%'))
                 );
             }
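Review bot: The added `like()` line needs a code comment explaining why the value is quoted inline instead of bound. With `createNamedParameter()` gone, the search word is embedded in the SQL text and injection safety rests entirely on `$queryBuilder->quote()`. A later reader could easily "fix" this back to a named parameter or, worse, drop the quoting. A short comment above the call would do, stating that the method returns a finished query part as a string (as the commit message says), so a placeholder cannot be used here. The `escapeLikeWildcards()` call in the context line above is still required and should stay directly before the loop. Only one file is touched, so please also add a test that passes a search word containing a single quote, `%` and `_`, and asserts on the returned fragment.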