[TYPO3-core] RFC: fix bug #990
Martin Kutschker
Martin.Kutschker at blackbox.net
Thu Jan 5 10:19:19 CET 2006
Holzinger Franz <franz at fholzinger.com> writes on
Wed, 04 Jan 2006 12:53:44 +0100 (MET):
> Hello Martin,
>
>
> >@@ -6342,7 +6344,7 @@
> > if (strlen($val)>=2) {
> > reset($searchFields);
> >
> > while(list(,$field)=each($searchFields)) {
> >- $where_p[] =
> > $prefixTableName.$field.' LIKE \'%'.$GLOBALS['TYPO3_DB']->quoteStr($val,
> > $searchTable).'%\'';
> >+ $where_p[] =
> > $prefixTableName.$field.' LIKE
> > \'%'.$TYPO3_DB->escapeStrForLike($TYPO3_DB->quoteStr($val,
> > $searchTable)).'%\'';
> > }
> > }
> > if (count($where_p)) {
> >
> >
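Review bot: the added line calls $TYPO3_DB->escapeStrForLike($TYPO3_DB->quoteStr(...)), where the removed line went through $GLOBALS['TYPO3_DB']. Nothing in the visible context declares $TYPO3_DB in this scope, so unless a global declaration sits earlier in the function, the new call runs on an undefined variable. Either keep $GLOBALS['TYPO3_DB'] on the new line or make sure the declaration is part of the same change. The escaped value also does not depend on $field, so it can be computed once before the while loop and reused for every field.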
> You are calling the
>
>
> >$TYPO3_DB->escapeStrForLike($TYPO3_DB->quoteStr($val, $searchTable))
> >
> in a loop, which is not necessary here.
>
> Call it right after the
> $val = trim($val);
> only once.
Committed, but called after the strlen check, because quoting and escaping may change the string length.
Masi
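
The ordering point from the reply above (check the length of the raw value, then quote and escape once), shown as an added example that is not part of the original thread or of TYPO3's code. quote_str() and escape_for_like() are hypothetical stand-ins built on PHP's addslashes() and addcslashes(), and the field names and inputs are constructed.

```php
<?php
// Hypothetical stand-ins for the two DB-layer calls in the patch (assumptions):
// quote_str() mimics SQL string-literal quoting, escape_for_like()
// backslash-escapes the LIKE wildcards % and _.
function quote_str(string $s): string { return addslashes($s); }
function escape_for_like(string $s): string { return addcslashes($s, '_%'); }

const MIN_LEN = 2; // same threshold as the strlen($val)>=2 check in the hunk

// Order A: escape first, then test the length of the escaped string.
// A single "%" or "'" grows to two bytes and slips past the minimum length.
function build_escape_first(string $val, array $fields): array {
    $val = escape_for_like(quote_str(trim($val)));
    $where = [];
    if (strlen($val) >= MIN_LEN) {
        foreach ($fields as $f) { $where[] = "$f LIKE '%$val%'"; }
    }
    return $where;
}

// Order B: test the raw length, then escape once, outside the field loop.
function build_check_first(string $val, array $fields): array {
    $val = trim($val);
    $where = [];
    if (strlen($val) >= MIN_LEN) {
        $escaped = escape_for_like(quote_str($val));
        foreach ($fields as $f) { $where[] = "$f LIKE '%$escaped%'"; }
    }
    return $where;
}

$fields = ['title', 'bodytext'];          // constructed sample field names
foreach (['%', "'", 'a_b'] as $input) {   // constructed sample search words
    printf("%-4s escape-first: %d clause(s)  check-first: %d clause(s)\n",
        $input,
        count(build_escape_first($input, $fields)),
        count(build_check_first($input, $fields)));
}
// For 'a_b', order B yields: title LIKE '%a\_b%', so "_" matches literally.
```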