Escape string used in LIKE query

This commit is contained in:
Toby Zerner 2018-06-15 19:19:43 +09:30
parent 09528a38d0
commit bc092c48d4


@ -90,6 +90,8 @@ class UserRepository
*/ */
public function getIdsForUsername($string, User $actor = null) public function getIdsForUsername($string, User $actor = null)
{ {
$string = $this->escapeLikeString($string);
$query = User::where('username', 'like', '%'.$string.'%') $query = User::where('username', 'like', '%'.$string.'%')
->orderByRaw('username = ? desc', [$string]) ->orderByRaw('username = ? desc', [$string])
->orderByRaw('username like ? desc', [$string.'%']); ->orderByRaw('username like ? desc', [$string.'%']);
@ -112,4 +114,15 @@ class UserRepository
return $query; return $query;
} }
/**
* Escape special characters that can be used as wildcards in a LIKE query.
*
* @param string $string
* @return string
*/
private function escapeLikeString($string)
{
return str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], $string);
}
} }
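Review bot: The escaped string is also passed to the `username = ?` ordering on the second line of the first hunk, where backslash-escaping of `%`, `_` and `\` has no meaning, so a username containing any of those characters no longer sorts first as an exact match once this commit is applied. Keep the raw input for the equality and use the escaped copy only in the LIKE patterns: `$escaped = $this->escapeLikeString($string);`, `$query = User::where('username', 'like', '%'.$escaped.'%')` and `->orderByRaw('username like ? desc', [$escaped.'%']);`. `escapeLikeString` also presumes the database treats backslash as the LIKE escape character by default; if this query can run on a driver that has no default escape character, the pattern needs an explicit `ESCAPE` clause for the escaping to take effect. getIdsForUsername continues outside the hunk, so any further use of `$string` there should be checked for the same mix-up.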