mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-05-08 17:25:53 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixes #1557 removed %% in front and escaped groups for mysql8

Browse source
This commit is contained in:
Matthieu Leproux 2021-11-15 13:20:22 +01:00
parent 438d0c1269
commit 74153db445
2 changed files with 8 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

10
include/ws_functions/pwg.users.php
View file

@ -44,16 +44,16 @@ function ws_users_getList($params, &$service)
$filtered_groups = array();
if (!empty($params['filter']))
{
$filter_query = 'SELECT id FROM '. GROUPS_TABLE .' WHERE name LIKE \''. $params['filter'] . '\';';
$filter_query = 'SELECT id FROM `'. GROUPS_TABLE .'` WHERE name LIKE \'%'. $params['filter'] . '%\';';
$filtered_groups_res = pwg_query($filter_query);
while ($row = pwg_db_fetch_assoc($filtered_groups_res))
{
$filtered_groups[] = $row['id'];
}
$filter_where_clause = '('.'u.'.$conf['user_fields']['username'].' LIKE \''.
pwg_db_real_escape_string($params['filter']).'\' OR '
.'u.'.$conf['user_fields']['email'].' LIKE \''.
pwg_db_real_escape_string($params['filter']).'\'';
$filter_where_clause = '('.'u.'.$conf['user_fields']['username'].' LIKE \'%'.
pwg_db_real_escape_string($params['filter']).'%\' OR '
.'u.'.$conf['user_fields']['email'].' LIKE \'%'.
pwg_db_real_escape_string($params['filter']).'%\'';
if (!empty($filtered_groups)) {
$filter_where_clause .= 'OR ug.group_id IN ('. implode(',', $filtered_groups).')';