From: Michael J. Rubinsky
Date: Thu, 18 Mar 2010 16:54:37 +0000 (-0400)
Subject: Properly quote the search term.
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=40df1aeabe36f7c5539f0571c96574a067c408d3;p=horde.git

Properly quote the search term.

Bug: 8919
---

diff --git a/ansel/lib/Storage.php b/ansel/lib/Storage.php
index 901899fc7..4c791de56 100644
--- a/ansel/lib/Storage.php
+++ b/ansel/lib/Storage.php
@@ -1162,7 +1162,8 @@ class Ansel_Storage
  {
  $sql = 'SELECT DISTINCT image_location, image_latitude, image_longitude FROM ansel_images WHERE LENGTH(image_location) > 0';
  if (strlen($search)) {
- $sql .= ' AND image_location LIKE "' . $search . '%"';
+ $sql .= ' AND image_location LIKE "' . $GLOBALS['ansel_db']->quote("$search%");
+
  }
  Horde::logMessage(sprintf("SQL QUERY BY Ansel_Storage::searchLocations: %s", $sql), 'DEBUG');
  $results = $this->_db->query($sql);
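Review bot: The added line keeps the old opening double quote at the end of its literal (`LIKE "'`), so whatever `quote()` returns is appended after a stray `"` and the statement ends up with an unbalanced quote. Assuming `quote()` supplies its own delimiters, as the missing closing quote suggests, the literal should end before the value: `$sql .= ' AND image_location LIKE ' . $GLOBALS['ansel_db']->quote("$search%");`. The value is quoted through `$GLOBALS['ansel_db']` while the query runs on `$this->_db`; if those can be different connections, quote with the handle that executes the statement, since escaping depends on the connection. Quoting also leaves the LIKE wildcards `%` and `_` inside `$search` active, so a caller can still widen the pattern unless they are escaped before the trailing `%` is appended. The enclosing method starts and ends outside this hunk.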