From 4d86bb2234af3939f1e8add3633deaa425fe526e Mon Sep 17 00:00:00 2001
From: rvelices
Date: Fri, 12 Sep 2008 02:17:35 +0000
Subject: - images.file categories.permalink old_permalinks.permalink - become binary - session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range) - metadata sync from the sync button does not overwrite valid data with empty metadata - other small fixes/enhancements: - added event get_category_image_orders - fix display issue with redirect.tpl (h1/h2 within h1) - fix known_script smarty function registration - query search form not submitted if q is empty - better admin css rules - some other minor changes (ws_core, rest_handler, functions_search...) git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_search.inc.php | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'include/functions_search.inc.php')
diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php
index a043f041c..2ec709936 100644
--- a/include/functions_search.inc.php
+++ b/include/functions_search.inc.php
@@ -352,6 +352,10 @@ function get_qsearch_like_clause($q, $field)
 }
 else
 {
+ if ( strcspn($ch, '%_')==0)
+ {// escape LIKE specials %_
+ $ch = '\\'.$ch;
+ }
 $crt_token .= $ch;
 }
 break;
@@ -366,6 +370,10 @@ function get_qsearch_like_clause($q, $field)
 $state=0;
 break;
 default:
+ if ( strcspn($ch, '%_')==0)
+ {// escape LIKE specials %_
+ $ch = '\\'.$ch;
+ }
 $crt_token .= $ch;
 }
 break;
--
cgit v1.2.3
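Review bot: The escaping added in both places (the `else` branch in the first hunk and the `default:` case in the second) prefixes `%` and `_` with a backslash but leaves a backslash typed by the user untouched, so a query containing `\%` ends up as `\\%`, which LIKE reads as a literal backslash followed by a live wildcard. Unless backslashes are neutralised somewhere outside these hunks, the test should cover the escape character as well, e.g. `if ($ch === '%' || $ch === '_' || $ch === '\\')`. The explicit comparison is also easier to read than `strcspn($ch, '%_')==0`, which is additionally true for an empty `$ch`. How `$crt_token` is later quoted into the SQL string is not visible here, because get_qsearch_like_clause starts and ends outside both hunks; that step still has to SQL-escape the token, since this change only addresses LIKE metacharacters.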