escape % in file_tag_query as it is ultimately embedded in a sprintf

author friendica <info@friendica.com>

Sat, 31 Mar 2012 21:48:35 +0000 (14:48 -0700)

committer friendica <info@friendica.com>

Sat, 31 Mar 2012 21:48:35 +0000 (14:48 -0700)
author friendica <info@friendica.com>
Sat, 31 Mar 2012 21:48:35 +0000 (14:48 -0700)
committer friendica <info@friendica.com>
Sat, 31 Mar 2012 21:48:35 +0000 (14:48 -0700)
diff --git a/boot.php b/boot.php

index ec1ffbbf48eece42c0cd54e4d3c3ba355335b637..6309a5f9b024cbf41fa11bfa5b41dcac9508b528 100755 (executable)
--- a/boot.php
+++ b/boot.php
@@ -9,7 +9,7 @@ require_once('include/nav.php');
  require_once('include/cache.php');
  
  define ( 'FRIENDICA_PLATFORM',     'Friendica');
-define ( 'FRIENDICA_VERSION',      '2.3.1297' );
+define ( 'FRIENDICA_VERSION',      '2.3.1298' );
  define ( 'DFRN_PROTOCOL_VERSION',  '2.23'    );
  define ( 'DB_UPDATE_VERSION',      1134      );
  
diff --git a/include/text.php b/include/text.php

index f758c37ee6eb8086803aa592640f65b82680a60d..64f6f72a8c8244d556067b5a4d6f01e480d1071f 100644 (file)
--- a/include/text.php
+++ b/include/text.php
@@ -1306,6 +1306,10 @@ function file_tag_decode($s) {
  }
  
  function file_tag_file_query($table,$s,$type = 'file') {
+
+       // this is ultimately going into a vsprintf
+       $s = str_replace('%','%%',$s);
+
         if($type == 'file')
                 $str = preg_quote( '[' . file_tag_encode($s) . ']' );
         else
author	friendica <info@friendica.com>
	Sat, 31 Mar 2012 21:48:35 +0000 (14:48 -0700)
committer	friendica <info@friendica.com>
	Sat, 31 Mar 2012 21:48:35 +0000 (14:48 -0700)
boot.php		patch \| blob \| history
include/text.php		patch \| blob \| history