Fix missed escaping in node_flat_sql.erl

author: Alexey Shchepin <alexey@process-one.net> 2016-07-05 17:45:37 +0300
committer: Alexey Shchepin <alexey@process-one.net> 2016-07-05 17:45:37 +0300
commit: be3a4acb5547be957f910bd03c5683eccf797390 (patch)
tree: 814f8b7e015db5b5014e5c292d262f191265799a /src/node_flat_sql.erl
parent: Quote reserver 'type' keyword for pgsql to fix e300f80 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/node_flat_sql.erl b/src/node_flat_sql.erl
index 37615ca1..8cd8e4cc 100644
--- a/src/node_flat_sql.erl
+++ b/src/node_flat_sql.erl
@@ -914,12 +914,13 @@ first_in_list(Pred, [H | T]) ->
     end.
 
 itemids(Nidx, {_U, _S, _R} = JID) ->
-    SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>,
+    SJID = encode_jid(JID),
+    SJIDLike = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>,
     case catch
 	ejabberd_sql:sql_query_t(
           ?SQL("select @(itemid)s from pubsub_item where "
-               "nodeid=%(Nidx)d and (publisher=%(JID)s"
-               " or publisher like %(SJID)s escape '^') "
+               "nodeid=%(Nidx)d and (publisher=%(SJID)s"
+               " or publisher like %(SJIDLike)s escape '^') "
                "order by modification desc"))
     of
 	{selected, RItems} ->
author	Alexey Shchepin <alexey@process-one.net>	2016-07-05 17:45:37 +0300
committer	Alexey Shchepin <alexey@process-one.net>	2016-07-05 17:45:37 +0300
commit	be3a4acb5547be957f910bd03c5683eccf797390 (patch)
tree	814f8b7e015db5b5014e5c292d262f191265799a /src/node_flat_sql.erl
parent	Quote reserver 'type' keyword for pgsql to fix e300f80 (diff)