Fix missed escaping in node_flat_sql.erl
alexeyshch committed Jul 5, 2016
1 parent 3820aaa commit be3a4ac
Showing 1 changed file with 4 additions and 3 deletions.
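--- a/src/node_flat_sql.erl
+++ b/src/node_flat_sql.erl
@@ -914,12 +914,13 @@ first_in_list(Pred, [H | T]) ->
 end.
 
 itemids(Nidx, {_U, _S, _R} = JID) ->
-SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>,
+SJID = encode_jid(JID),
+SJIDLike = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>,
 case catch
 ejabberd_sql:sql_query_t(
 ?SQL("select @(itemid)s from pubsub_item where "
-"nodeid=%(Nidx)d and (publisher=%(JID)s"
-" or publisher like %(SJID)s escape '^') "
+"nodeid=%(Nidx)d and (publisher=%(SJID)s"
+" or publisher like %(SJIDLike)s escape '^') "
 "order by modification desc"))
 of
 {selected, RItems} ->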
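Review bot: `SJIDLike` is still wrapped in `ejabberd_sql:escape/1` before being bound to `%(SJIDLike)s`, so if the `?SQL` placeholder escapes string arguments itself (which the switch to a plain `encode_jid(JID)` for `publisher=%(SJID)s` suggests), the LIKE pattern is escaped twice and a JID containing a quote or backslash would stop matching its own items. Assuming `encode_jid_like/1`, which is not visible here, already neutralises `%` and `_` with the `^` escape character, the line could be `SJIDLike = <<(encode_jid_like(JID))/binary, "/%">>,`. A short comment such as `%% SJID: exact publisher match; SJIDLike: LIKE pattern for the encoded JID followed by "/" and anything` would make the two bindings easier to audit. `itemids/2` continues past the end of the hunk, so the result handling after `case catch` was not reviewed.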
