From 6dc1b113d0a7cdf3d7b6d567728d39568f1ed982 Mon Sep 17 00:00:00 2001
From: Justin Clark-Casey (justincc)
Date: Thu, 15 May 2014 22:45:01 +0100
Subject: Escape find string in PgSQL core groups plugin

---
 OpenSim/Data/PGSQL/PGSQLGroupsData.cs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'OpenSim/Data/PGSQL/PGSQLGroupsData.cs')

diff --git a/OpenSim/Data/PGSQL/PGSQLGroupsData.cs b/OpenSim/Data/PGSQL/PGSQLGroupsData.cs
index ed75b63..15c965b 100644
--- a/OpenSim/Data/PGSQL/PGSQLGroupsData.cs
+++ b/OpenSim/Data/PGSQL/PGSQLGroupsData.cs
@@ -83,11 +83,15 @@ namespace OpenSim.Data.PGSQL
         public GroupData[] RetrieveGroups(string pattern)
         {
             if (string.IsNullOrEmpty(pattern)) // True for where clause
+            {
                 pattern = " true ORDER BY lower(\"Name\") LIMIT 100";
+                return m_Groups.Get(pattern);
+            }
             else
-                pattern = string.Format(" lower(\"Name\") LIKE lower('%{0}%') ORDER BY lower(\"Name\") LIMIT 100", pattern);
-
-            return m_Groups.Get(pattern);
+            {
+                pattern = string.Format(" lower(\"Name\") LIKE lower('%:pattern%') ORDER BY lower(\"Name\") LIMIT 100");
+                return m_Groups.Get(pattern, new NpgsqlParameter("pattern", pattern));
+            }
         }
 
         public bool DeleteGroup(UUID groupID)
-- 
cgit v1.1