From: Paweł Chmielowski <pchmielowski@process-one.net>
Date: Tue, 30 Apr 2019 11:36:31 +0000 (+0200)
Subject: Fix escaping for sql part of mamsub from muc mam
X-Git-Tag: 19.05~51
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b071c4906fd1b39bfb754bcb0319a5703f6c422a;p=ejabberd

Fix escaping for sql part of mamsub from muc mam
---

diff --git a/src/mod_mam_sql.erl b/src/mod_mam_sql.erl
index 386110817..456035659 100644
--- a/src/mod_mam_sql.erl
+++ b/src/mod_mam_sql.erl
@@ -420,11 +420,11 @@ make_sql_query(User, LServer, MAMQuery, RSM, ExtraUsernames) ->
 
     {UserSel, UserWhere} = case ExtraUsernames of
 			       Users when is_list(Users) ->
-				   EscUsers = [<<"'", (Escape(U))/binary, "'">> || U <- [SUser | Users]],
+				   EscUsers = [<<"'", (Escape(U))/binary, "'">> || U <- [User | Users]],
 				   {<<" username,">>,
 				    [<<" username in (">>, str:join(EscUsers, <<",">>), <<")">>]};
 			       subscribers_table ->
-				   SJid = jid:encode({User, LServer, <<>>}),
+				   SJid = Escape(jid:encode({User, LServer, <<>>})),
 				   {<<" username,">>,
 				    [<<" (username = '">>, SUser, <<"'">>,
 					<<" or username in (select concat(room, '@', host) ",