Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64003

Messaging: Use sql_like_escape() to escape the search string in message_search_users()

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 3.6.2
    • 3.6
    • Messages
    • MOODLE_36_STABLE
    • MOODLE_36_STABLE
    • MDL-64003-master
    • Hide
      1. As admin create 3 users: User1 = Amanda Something, User2 = A%a Something, User3 = Ama_da Something
      2. Click on message icon to open message interface
      3. Click on Search input
      4. Search for 'A%a' and check that there's only one user as result 
      5. Search for 'Ama_da' and check that there's only one user as result 
      Show
      As admin create 3 users: User1 = Amanda Something, User2 = A%a Something, User3 = Ama_da Something Click on message icon to open message interface Click on Search input Search for 'A%a' and check that there's only one user as result  Search for 'Ama_da' and check that there's only one user as result 

      Currently, you can use the special chars, like % and _ in the search, and we shouldn't be able to do this.

        1. image-2018-12-12-11-13-26-491.png
          image-2018-12-12-11-13-26-491.png
          50 kB

            amaia Amaia Anabitarte
            jaked Jake Dallimore
            Mark Nelson Mark Nelson
            Jake Dallimore Jake Dallimore
            Janelle Barcega Janelle Barcega
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 20 minutes
                20m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.