From: Alexey Shchepin
Date: Tue, 5 Jul 2016 14:45:37 +0000 (+0300)
Subject: Fix missed escaping in node_flat_sql.erl
X-Git-Tag: 16.08~61
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=be3a4acb5547be957f910bd03c5683eccf797390;p=ejabberd
Fix missed escaping in node_flat_sql.erl
---
diff --git a/src/node_flat_sql.erl b/src/node_flat_sql.erl
index 37615ca1e..8cd8e4ccd 100644
--- a/src/node_flat_sql.erl
+++ b/src/node_flat_sql.erl
@@ -914,12 +914,13 @@ first_in_list(Pred, [H | T]) -> end. itemids(Nidx, {_U, _S, _R} = JID) -> - SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>, + SJID = encode_jid(JID), + SJIDLike = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>, case catch ejabberd_sql:sql_query_t( ?SQL("select @(itemid)s from pubsub_item where " - "nodeid=%(Nidx)d and (publisher=%(JID)s" - " or publisher like %(SJID)s escape '^') " + "nodeid=%(Nidx)d and (publisher=%(SJID)s" + " or publisher like %(SJIDLike)s escape '^') " "order by modification desc")) of {selected, RItems} ->
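Review bot: `SJIDLike` is escaped explicitly with `ejabberd_sql:escape/1` and then bound through `%(SJIDLike)s`, while `SJID` on the line above goes through the same kind of placeholder with no explicit escaping. If the `?SQL` macro already escapes `%(...)s` string arguments (its definition is not visible in this hunk), the LIKE pattern is escaped twice, and a publisher JID containing a quote or backslash would no longer match its own items. In that case the line should read `SJIDLike = <<(encode_jid_like(JID))/binary, "/%">>,`. A comment such as `%% encode_jid_like/1 escapes LIKE wildcards with '^'; SQL quoting is done by ?SQL` would record which layer owns which escaping. The `case` in `itemids/2` continues past the end of the hunk.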