From d32d25634d0a8d257ed3d05abb9e6c70d086b3f5 Mon Sep 17 00:00:00 2001 From: Justin Clark-Casey (justincc) Date: Thu, 15 May 2014 22:09:37 +0100 Subject: Escape find string in MySQL core groups plugin --- OpenSim/Data/MySQL/MySQLGroupsData.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenSim') diff --git a/OpenSim/Data/MySQL/MySQLGroupsData.cs b/OpenSim/Data/MySQL/MySQLGroupsData.cs index 8e39229..afa499e 100644 --- a/OpenSim/Data/MySQL/MySQLGroupsData.cs +++ b/OpenSim/Data/MySQL/MySQLGroupsData.cs @@ -88,7 +88,7 @@ namespace OpenSim.Data.MySQL if (string.IsNullOrEmpty(pattern)) pattern = "1"; else - pattern = string.Format("Name LIKE '%{0}%'", pattern); + pattern = string.Format("Name LIKE '%{0}%'", MySqlHelper.EscapeString(pattern)); return m_Groups.Get(string.Format("ShowInList=1 AND ({0}) ORDER BY Name LIMIT 100", pattern)); } -- cgit v1.1