From: friendica Date: Sat, 31 Mar 2012 21:48:35 +0000 (-0700) Subject: escape % in file_tag_query as it is ultimately embedded in a sprintf X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=0cf2e051bbe98166e99025bc1f32a6e8e08a26f2;p=friendica.git escape % in file_tag_query as it is ultimately embedded in a sprintf --- diff --git a/boot.php b/boot.php index ec1ffbbf48..6309a5f9b0 100755 --- a/boot.php +++ b/boot.php @@ -9,7 +9,7 @@ require_once('include/nav.php'); require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); -define ( 'FRIENDICA_VERSION', '2.3.1297' ); +define ( 'FRIENDICA_VERSION', '2.3.1298' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DB_UPDATE_VERSION', 1134 ); diff --git a/include/text.php b/include/text.php index f758c37ee6..64f6f72a8c 100644 --- a/include/text.php +++ b/include/text.php @@ -1306,6 +1306,10 @@ function file_tag_decode($s) { } function file_tag_file_query($table,$s,$type = 'file') { + + // this is ultimately going into a vsprintf + $s = str_replace('%','%%',$s); + if($type == 'file') $str = preg_quote( '[' . file_tag_encode($s) . ']' ); else