Dotclear

Changeset 3592:940d0c9a5dac


Ignore:
Timestamp:
09/14/17 13:49:02 (8 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
2.12
Message:

Escapes REGEXP reserved characters (or SQLite equivalent) before searching existing URLs. Should fixes #2254

File:
1 edited

Legend:

Unmodified
Added
Removed

  • inc/core/class.dc.blog.php

    r3423 r3592  
    19401940          { 
    19411941               if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli') { 
    1942                     $clause = "REGEXP '^".$this->con->escape($url)."[0-9]+$'"; 
     1942                    $clause = "REGEXP '^".$this->con->escape(preg_quote($url))."[0-9]+$'"; 
    19431943               } elseif ($this->con->driver() == 'pgsql') { 
    1944                     $clause = "~ '^".$this->con->escape($url)."[0-9]+$'"; 
     1944                    $clause = "~ '^".$this->con->escape(preg_quote($url))."[0-9]+$'"; 
    19451945               } else { 
    1946                     $clause = "LIKE '".$this->con->escape($url)."%'"; 
     1946                    $clause = "LIKE '". 
     1947                              $this->con->escape(preg_replace(array('%','_','!'),array('!%','!_','!!'),$url)). 
     1948                              "%' ESCAPE '!'"; 
    19471949               } 
    19481950               $strReq = 'SELECT post_url FROM '.$this->prefix.'post '. 
Note: See TracChangeset for help on using the changeset viewer.

Sites map