diff options
| author | Alexey Shchepin <alexey@process-one.net> | 2016-07-05 17:45:37 +0300 |
|---|---|---|
| committer | Alexey Shchepin <alexey@process-one.net> | 2016-07-05 17:45:37 +0300 |
| commit | be3a4acb5547be957f910bd03c5683eccf797390 (patch) | |
| tree | 814f8b7e015db5b5014e5c292d262f191265799a | |
| parent | 3820aaa4216e3254fdeb0cfe545f40a35150752d (diff) | |
Fix missed escaping in node_flat_sql.erl
| -rw-r--r-- | src/node_flat_sql.erl | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/node_flat_sql.erl b/src/node_flat_sql.erl index 37615ca1e..8cd8e4ccd 100644 --- a/src/node_flat_sql.erl +++ b/src/node_flat_sql.erl @@ -914,12 +914,13 @@ first_in_list(Pred, [H | T]) -> end. itemids(Nidx, {_U, _S, _R} = JID) -> - SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>, + SJID = encode_jid(JID), + SJIDLike = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>, case catch ejabberd_sql:sql_query_t( ?SQL("select @(itemid)s from pubsub_item where " - "nodeid=%(Nidx)d and (publisher=%(JID)s" - " or publisher like %(SJID)s escape '^') " + "nodeid=%(Nidx)d and (publisher=%(SJID)s" + " or publisher like %(SJIDLike)s escape '^') " "order by modification desc")) of {selected, RItems} -> |