[TYPO3-core] RFC: #14615: Autosuggest function doesn't work with quotes
Steffen Kamper
info at sk-typo3.de
Fri Jun 4 01:11:51 CEST 2010
Hi,
this is SVN patch request.
Type: bugfix
Branches: trunk, 4_3
BT reference: http://bugs.typo3.org/view.php?id=14615
Simple example: create a page with title 'havequote.
Now try to find this page in autosuggest, example: page, type shortcut,
Shortcut to page. Type 'ha => no results.
This is because this search gives an SQL error because of unescaped quote.
Solution: quote it.
There would be a second solution as the escapeStrForLike-function is
already called. I'm not sure, but shouldn't the function also take
quotes into account? See example for adding single quote there:
function escapeStrForLike($str, $table) {
return preg_replace('/[_%\']/', '\\\$0', $str);
}
vg Steffen
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 14615.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100604/0d8ef3ef/attachment.asc>
More information about the TYPO3-team-core
mailing list