Fix the searching for phrases with escaped values
authorAlexander Ebert <ebert@woltlab.com>
Mon, 2 Oct 2023 14:44:47 +0000 (16:44 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Mon, 2 Oct 2023 14:44:47 +0000 (16:44 +0200)
See https://www.woltlab.com/community/thread/301714-problems-with-language-phrase-search/

wcfsetup/install/files/lib/acp/page/LanguageItemListPage.class.php
wcfsetup/install/files/lib/system/database/Database.class.php

index 3e163220d33ee9005a849c316c9debc9387893b2..3bb208a44c0f39a76b53d63c69ba0f8a6f5c17eb 100644 (file)
@@ -186,9 +186,10 @@ class LanguageItemListPage extends SortablePage
             $this->objectList->getConditionBuilder()->add('languageItem LIKE ?', ['%' . $this->languageItem . '%']);
         }
         if ($this->languageItemValue) {
+            $searchValue = '%' . WCF::getDB()->escapeLikeValue($this->languageItemValue) . '%';
             $this->objectList->getConditionBuilder()->add(
                 '((languageUseCustomValue = 0 AND languageItemValue LIKE ?) OR languageCustomItemValue LIKE ?)',
-                ['%' . $this->languageItemValue . '%', '%' . $this->languageItemValue . '%']
+                [$searchValue, $searchValue]
             );
         }
         if ($this->hasCustomValue || $this->hasDisabledCustomValue || $this->hasRecentlyDisabledCustomValue) {
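Review bot: The item-name filter on the first context line, `languageItem LIKE ?`, still receives `'%' . $this->languageItem . '%'` unescaped, so `%`, `_` and `\` typed into that field keep acting as LIKE metacharacters while the value filter below now treats them literally. If that is not a deliberate wildcard feature, use the same helper there: `['%' . WCF::getDB()->escapeLikeValue($this->languageItem) . '%']`. Both filters are bound as parameters, so this concerns result correctness and unintentionally broad matches, not injection. The enclosing method starts and ends outside the hunk.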
index bddc64377797191b5702e9ba91e5993e8cb1a5fa..f8e924179d98871e4fc454f89030956014c378f4 100644 (file)
@@ -433,6 +433,16 @@ abstract class Database
         return \addslashes($string);
     }
 
+    /**
+     * Escapes a value for use in a `LIKE` condition.
+     *
+     * @since 6.0
+     */
+    public function escapeLikeValue(string $value): string
+    {
+        return \addcslashes($value, "\\%_");
+    }
+
     /**
      * Returns the sql version.
      *
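Review bot: The docblock for `escapeLikeValue()` should say that it only neutralises the LIKE metacharacters `%`, `_` and `\` and does not quote the value, so the result must still be passed as a bound parameter. Sitting directly below a method that returns `\addslashes($string)`, the name is easy to mistake for general string escaping. I would add a line such as `* The result is not quoted; bind it as a parameter and add the surrounding '%' wildcards yourself.` It is also worth documenting that the escaping assumes backslash is the LIKE escape character. That is MySQL's default but, as far as I know, it does not apply under the `NO_BACKSLASH_ESCAPES` SQL mode, and an explicit `ESCAPE` clause in the condition would remove the dependency.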