swentel / indieweb

IndieWeb integration for Drupal
https://drupal.org/project/indieweb
GNU General Public License v2.0

Like escaping is not supported in the way it is used #455

Closed alexpott closed 4 years ago

alexpott commented 4 years ago

I'm reading through https://www.drupal.org/project/drupal/issues/2786811 and discovered that one of the indieweb modules is affected.

  public function checkIdenticalSyndication($like) {
    return $this->database->query("SELECT count(url) as count FROM {webmention_syndication} WHERE url LIKE :match_url", [':match_url' => '%/' . Database::getConnection()->escapeLike($like)])->fetchField();
  }

For cross db support this needs to use a query builder.

swentel commented 4 years ago

Well, developers can swap the storage class if they want to make it work on another db backend :)

Joke aside, fixed, thanks for letting me know!
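
Added example, not part of the thread and not the module's actual fix: one way the `checkIdenticalSyndication()` lookup quoted in the issue could be written with Drupal's query builder, so the `LIKE` operator and the escape character assumed by `escapeLike()` are handled by the database driver. The namespace and class name are hypothetical; the table and column names are the ones in the quoted snippet.

```php
<?php

namespace Drupal\example_indieweb;

use Drupal\Core\Database\Connection;

/**
 * Hypothetical storage class, written for this example only.
 */
class ExampleSyndicationStorage {

  protected Connection $database;

  public function __construct(Connection $database) {
    $this->database = $database;
  }

  /**
   * Counts syndication rows whose URL ends in "/$like".
   */
  public function checkIdenticalSyndication(string $like): int {
    // escapeLike() backslash-escapes %, _ and \ so that user-supplied
    // characters match literally instead of acting as wildcards.
    $pattern = '%/' . $this->database->escapeLike($like);

    // Passing 'LIKE' as the operator to condition() lets the query builder
    // emit the driver-specific LIKE syntax, with backslash declared as the
    // escape character, instead of relying on one backend's default as the
    // static query string does.
    return (int) $this->database->select('webmention_syndication', 'ws')
      ->condition('ws.url', $pattern, 'LIKE')
      ->countQuery()
      ->execute()
      ->fetchField();
  }

}
```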