- images.file categories.permalink old_permalinks.permalink - become binary

- session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range)
- metadata sync from the sync button does not overwrite valid data with empty metadata
- other small fixes/enhancements:
 - added event get_category_image_orders
 - fix display issue with redirect.tpl (h1/h2 within h1)
 - fix known_script smarty function registration
 - query search form not submitted if q is empty
 - better admin css rules
 - some other minor changes (ws_core, rest_handler, functions_search...)

git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 8 insertions, 0 deletions

diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php
index a043f041c..2ec709936 100644
--- a/include/functions_search.inc.php
+++ b/include/functions_search.inc.php
@@ -352,6 +352,10 @@ function get_qsearch_like_clause($q, $field)
         }
         else
         {
+          if ( strcspn($ch, '%_')==0)
+          {// escape LIKE specials %_
+            $ch = '\\'.$ch;
+          }
           $crt_token .= $ch;
         }
         break;
@@ -366,6 +370,10 @@ function get_qsearch_like_clause($q, $field)
             $state=0;
             break;
           default:
+            if ( strcspn($ch, '%_')==0)
+            {// escape LIKE specials %_
+            	$ch = '\\'.$ch;
+            }
             $crt_token .= $ch;
         }
         break;