From f04094e69ed8d3dda8b0cc1d35cb9b887e67e50f Mon Sep 17 00:00:00 2001
From: Matthias Schmidt <gravatronics@live.com>
Date: Fri, 16 Nov 2018 19:47:42 +0100
Subject: [PATCH] Escape regular expression to search in multiselect option
 values

---
 .../system/option/MultiSelectOptionType.class.php    | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/option/MultiSelectOptionType.class.php b/wcfsetup/install/files/lib/system/option/MultiSelectOptionType.class.php
index 0f8189cb23..90210f026a 100644
--- a/wcfsetup/install/files/lib/system/option/MultiSelectOptionType.class.php
+++ b/wcfsetup/install/files/lib/system/option/MultiSelectOptionType.class.php
@@ -84,7 +84,11 @@ class MultiSelectOptionType extends SelectOptionType {
 		if (!is_array($value) || empty($value)) return false;
 		$value = ArrayUtil::trim($value, false);
 		
-		$conditions->add("option_value.userOption".$option->optionID." REGEXP '".'(^|\n)'.implode('\n([^\n]*\n)*', array_map('escapeString', $value)).'($|\n)'."'");
+		$value = array_map(function($value) {
+			return escapeString(preg_quote($value));
+		}, $value);
+		
+		$conditions->add("option_value.userOption".$option->optionID." REGEXP '".'(^|\n)'.implode('\n([^\n]*\n)*', $value).'($|\n)'."'");
 		return true;
 	}
 	
@@ -95,7 +99,11 @@ class MultiSelectOptionType extends SelectOptionType {
 		if (!is_array($value) || empty($value)) return false;
 		$value = ArrayUtil::trim($value, false);
 		
-		$userList->getConditionBuilder()->add("user_option_value.userOption".$option->optionID." REGEXP '".'(^|\n)'.implode('\n([^\n]*\n)*', array_map('escapeString', $value)).'($|\n)'."'");
+		$value = array_map(function($value) {
+			return escapeString(preg_quote($value));
+		}, $value);
+		
+		$userList->getConditionBuilder()->add("user_option_value.userOption".$option->optionID." REGEXP '".'(^|\n)'.implode('\n([^\n]*\n)*', $value).'($|\n)'."'");
 	}
 	
 	/**
-- 
2.20.1