From: Tim Düsterhus
Date: Tue, 21 Sep 2021 15:11:41 +0000 (+0200)
Subject: Stop using the `escapeString` helper in MysqlSearchEngine
X-Git-Tag: 5.5.0_Alpha_1~430
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=97b4741a7e3143b3c1b41b5108ecb0223065b9ec;p=GitHub%2FWoltLab%2FWCF.git
Stop using the `escapeString` helper in MysqlSearchEngine
---
diff --git a/wcfsetup/install/files/lib/system/search/mysql/MysqlSearchEngine.class.php b/wcfsetup/install/files/lib/system/search/mysql/MysqlSearchEngine.class.php
index b8d6e46541..4518464e2a 100644
--- a/wcfsetup/install/files/lib/system/search/mysql/MysqlSearchEngine.class.php
+++ b/wcfsetup/install/files/lib/system/search/mysql/MysqlSearchEngine.class.php
@@ -146,7 +146,8 @@ class MysqlSearchEngine extends AbstractSearchEngine
 );
 if ($orderBy == 'relevance ASC' || $orderBy == 'relevance DESC') {
- $relevanceCalc = "MATCH (subject" . (!$subjectOnly ? ', message, metaData' : '') . ") AGAINST ('" . escapeString($q) . "') + (5 / (1 + POW(LN(1 + (" . TIME_NOW . " - time) / 2592000), 2))) AS relevance";
+ $escapedQuery = WCF::getDB()->escapeString($q);
+ $relevanceCalc = "MATCH (subject" . (!$subjectOnly ? ', message, metaData' : '') . ") AGAINST ('" . $escapedQuery . "') + (5 / (1 + POW(LN(1 + (" . TIME_NOW . " - time) / 2592000), 2))) AS relevance";
 }
 }
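Review bot: The search term `$q` is still concatenated into the `AGAINST ('…')` literal of `$relevanceCalc` after string escaping, so the query's safety rests entirely on `WCF::getDB()->escapeString()` agreeing with the connection's character set and SQL mode, neither of which is visible in this hunk. If the code that executes this expression can carry bound parameters for the select list, a placeholder such as `AGAINST (?)` with `$q` passed alongside the other parameters would remove that dependency; the executing code is outside the hunk, so this needs checking against the caller before it is adopted. If escaping has to stay, a comment above the new assignment, for example `// $escapedQuery is only safe inside the single-quoted AGAINST literal below; never embed it unquoted`, would keep a later edit from reusing the variable in another SQL context. The enclosing method begins and ends outside the hunk.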