add quotes to reverse_search_string (to fix reverse search with ip-ad…

…dresses) (#540) Co-authored-by: Niklas Schell <ns@ratiokontakt.de>
poweradmin · Dec 25, 2023 · 9cd23ea · 9cd23ea
1 parent 03bae1d
commit 9cd23ea
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/lib/Application/Query/RecordSearch.php b/lib/Application/Query/RecordSearch.php
@@ -88,7 +88,7 @@ public function fetchRecords(mixed $search_string, bool $reverse, mixed $reverse
             LEFT JOIN users u on z.owner = u.id
             WHERE
                 (records.name LIKE ' . $this->db->quote($search_string, 'text') . ' OR records.content LIKE ' . $this->db->quote($search_string, 'text') .
-            ($reverse ? ' OR records.name LIKE ' . $this->db->quote($reverse_search_string, 'text') . ' OR records.content LIKE ' . $reverse_search_string : '') . ')' .
+            ($reverse ? ' OR records.name LIKE ' . $this->db->quote($reverse_search_string, 'text') . ' OR records.content LIKE ' . $this->db->quote($reverse_search_string, 'text') : '') . ')' .
             ($permission_view == 'own' ? 'AND z.owner = ' . $this->db->quote($_SESSION['userid'], 'integer') : '') .
             ($iface_search_group_records ? ' GROUP BY records.name, records.content ' : '') .
             ' ORDER BY ' . $sort_records_by .
@@ -146,7 +146,7 @@ public function getFoundRecords(mixed $search_string, bool $reverse, mixed $reve
             LEFT JOIN users u on z.owner = u.id
             WHERE
                 (records.name LIKE ' . $this->db->quote($search_string, 'text') . ' OR records.content LIKE ' . $this->db->quote($search_string, 'text') .
-            ($reverse ? ' OR records.name LIKE ' . $reverse_search_string . ' OR records.content LIKE ' . $reverse_search_string : '') . ')' .
+            ($reverse ? ' OR records.name LIKE ' . $this->db->quote($reverse_search_string, 'text') . ' OR records.content LIKE ' . $this->db->quote($reverse_search_string, 'text') : '') . ')' .
             ($permission_view == 'own' ? 'AND z.owner = ' . $this->db->quote($_SESSION['userid'], 'integer') : '') .
             ($iface_search_group_records ? ' GROUP BY records.name, records.content ' : '');
 

diff --git a/lib/Application/Query/ZoneSearch.php b/lib/Application/Query/ZoneSearch.php
@@ -160,7 +160,7 @@ public function getFoundZones(mixed $search_string, bool $reverse, mixed $revers
             LEFT JOIN (SELECT COUNT(domain_id) AS count_records, domain_id FROM records WHERE type IS NOT NULL GROUP BY domain_id) record_count ON record_count.domain_id=domains.id
             WHERE
                 (domains.name LIKE ' . $this->db->quote($search_string, 'text') .
-            ($reverse ? ' OR domains.name LIKE ' . $reverse_search_string : '') . ') ' .
+            ($reverse ? ' OR domains.name LIKE ' . $this->db->quote($reverse_search_string, 'text') : '') . ') ' .
             ($permission_view == 'own' ? ' AND z.owner = ' . $this->db->quote($_SESSION['userid'], 'integer') : '');
 
         return (int)$this->db->queryOne($zonesQuery);