Stop using the `escapeString` helper in MysqlSearchEngine

diff --git a/wcfsetup/install/files/lib/system/search/mysql/MysqlSearchEngine.class.php b/wcfsetup/install/files/lib/system/search/mysql/MysqlSearchEngine.class.php
index b8d6e4654191e74fdd0e988e36cf3faedc8b440b..4518464e2a1dc6b91cded933ca5081769fd114d7 100644 (file)
--- a/wcfsetup/install/files/lib/system/search/mysql/MysqlSearchEngine.class.php
+++ b/wcfsetup/install/files/lib/system/search/mysql/MysqlSearchEngine.class.php
@@ -146,7 +146,8 @@ class MysqlSearchEngine extends AbstractSearchEngine
             );
 
             if ($orderBy == 'relevance ASC' || $orderBy == 'relevance DESC') {
-                $relevanceCalc = "MATCH (subject" . (!$subjectOnly ? ', message, metaData' : '') . ") AGAINST ('" . escapeString($q) . "') + (5 / (1 + POW(LN(1 + (" . TIME_NOW . " - time) / 2592000), 2))) AS relevance";
+                $escapedQuery = WCF::getDB()->escapeString($q);
+                $relevanceCalc = "MATCH (subject" . (!$subjectOnly ? ', message, metaData' : '') . ") AGAINST ('" . $escapedQuery . "') + (5 / (1 + POW(LN(1 + (" . TIME_NOW . " - time) / 2592000), 2))) AS relevance";
             }
         }