Fix escaping for sql part of mamsub from muc mam

author Paweł Chmielowski <pchmielowski@process-one.net>

Tue, 30 Apr 2019 11:36:31 +0000 (13:36 +0200)

committer Paweł Chmielowski <pchmielowski@process-one.net>

Tue, 30 Apr 2019 11:36:31 +0000 (13:36 +0200)
author Paweł Chmielowski <pchmielowski@process-one.net>
Tue, 30 Apr 2019 11:36:31 +0000 (13:36 +0200)
committer Paweł Chmielowski <pchmielowski@process-one.net>
Tue, 30 Apr 2019 11:36:31 +0000 (13:36 +0200)
diff --git a/src/mod_mam_sql.erl b/src/mod_mam_sql.erl

index 386110817e9c8d81ae53bce6f71b45316ebb98ee..45603565900ff51e73395e13aa7ba0b7fed57a9c 100644 (file)
--- a/src/mod_mam_sql.erl
+++ b/src/mod_mam_sql.erl
@@ -420,11 +420,11 @@ make_sql_query(User, LServer, MAMQuery, RSM, ExtraUsernames) ->
  
      {UserSel, UserWhere} = case ExtraUsernames of
                                Users when is_list(Users) ->
-                                  EscUsers = [<<"'", (Escape(U))/binary, "'">> || U <- [SUser | Users]],
+                                  EscUsers = [<<"'", (Escape(U))/binary, "'">> || U <- [User | Users]],
                                    {<<" username,">>,
                                     [<<" username in (">>, str:join(EscUsers, <<",">>), <<")">>]};
                                subscribers_table ->
-                                  SJid = jid:encode({User, LServer, <<>>}),
+                                  SJid = Escape(jid:encode({User, LServer, <<>>})),
                                    {<<" username,">>,
                                     [<<" (username = '">>, SUser, <<"'">>,
                                         <<" or username in (select concat(room, '@', host) ",
author	Paweł Chmielowski <pchmielowski@process-one.net>
	Tue, 30 Apr 2019 11:36:31 +0000 (13:36 +0200)
committer	Paweł Chmielowski <pchmielowski@process-one.net>
	Tue, 30 Apr 2019 11:36:31 +0000 (13:36 +0200)