search_to_sql: quoting fix

This commit is contained in:
Andrew Dolgov 2017-12-02 22:58:59 +03:00
parent ab1960cf13
commit a2d77092fe
1 changed files with 6 additions and 6 deletions

View File

@ -1384,8 +1384,8 @@
switch ($commandpair[0]) { switch ($commandpair[0]) {
case "title": case "title":
if ($commandpair[1]) { if ($commandpair[1]) {
array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE '%". array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE ".
$pdo->quote(mb_strtolower($commandpair[1]))."%'))"); $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%') ."))");
} else { } else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%') array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))"); OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
@ -1394,8 +1394,8 @@
break; break;
case "author": case "author":
if ($commandpair[1]) { if ($commandpair[1]) {
array_push($query_keywords, "($not (LOWER(author) LIKE '%". array_push($query_keywords, "($not (LOWER(author) LIKE ".
$pdo->quote(mb_strtolower($commandpair[1]))."%'))"); $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
} else { } else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%') array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))"); OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
@ -1409,8 +1409,8 @@
else if ($commandpair[1] == "false") else if ($commandpair[1] == "false")
array_push($query_keywords, "($not (note IS NULL OR note = ''))"); array_push($query_keywords, "($not (note IS NULL OR note = ''))");
else else
array_push($query_keywords, "($not (LOWER(note) LIKE '%". array_push($query_keywords, "($not (LOWER(note) LIKE ".
$pdo->quote(mb_strtolower($commandpair[1]))."%'))"); $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
} else { } else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%') array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))"); OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");