possible sql injection in search

2012-05-29 17:14:35 -07:00
parent 21d79e787e
commit 514c994e6a
2 changed files with 3 additions and 3 deletions
--- a/include/api.php
+++ b/include/api.php
@@ -995,8 +995,8 @@
                else
                        $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
                                dbesc(protect_sprintf('%' . $myurl)),
-                                dbesc(protect_sprintf('%' . $myurl . '\\]%')),
-                                dbesc(protect_sprintf('%' . $diasp_url . '\\]%'))
+                                dbesc(protect_sprintf('%' . $myurl . ']%')),
+                                dbesc(protect_sprintf('%' . $diasp_url . ']%'))
                        );

 		if ($max_id > 0)