From 792f47b4bd3c4f423fd25c31b5f8ae82ac59b28b Mon Sep 17 00:00:00 2001 From: Alexey Shchepin Date: Thu, 12 May 2016 18:32:13 +0300 Subject: Update SQL escaping --- src/sql_queries.erl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/sql_queries.erl') diff --git a/src/sql_queries.erl b/src/sql_queries.erl index e1374a817..121117574 100644 --- a/src/sql_queries.erl +++ b/src/sql_queries.erl @@ -231,12 +231,12 @@ list_users(LServer, [{prefix, Prefix}, {limit, Limit}, {offset, Offset}]) when is_binary(Prefix) and is_integer(Limit) and is_integer(Offset) -> - SPrefix = ejabberd_sql:escape_like_arg(Prefix), + SPrefix = ejabberd_sql:escape_like_arg_circumflex(Prefix), SPrefix2 = <>, ejabberd_sql:sql_query( LServer, ?SQL("select @(username)s from users " - "where username like %(SPrefix2)s " + "where username like %(SPrefix2)s escape '^' " "order by username " "limit %(Limit)d offset %(Offset)d")). @@ -264,12 +264,12 @@ users_number(LServer) -> users_number(LServer, [{prefix, Prefix}]) when is_binary(Prefix) -> - SPrefix = ejabberd_sql:escape_like_arg(Prefix), + SPrefix = ejabberd_sql:escape_like_arg_circumflex(Prefix), SPrefix2 = <>, ejabberd_sql:sql_query( LServer, ?SQL("select @(count(*))d from users " - "where username like %(SPrefix2)s")); + "where username like %(SPrefix2)s escape '^'")); users_number(LServer, []) -> users_number(LServer). -- cgit v1.2.3
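Review bot: The `escape '^'` literal added to the `list_users/2` query is tied to the character that `ejabberd_sql:escape_like_arg_circumflex/1` emits, and nothing in the hunk records that coupling; the same applies to the `users_number/2` hunk further down. If one side changes without the other, a `%` or `_` in the caller-supplied prefix goes back to acting as a wildcard and the query matches more usernames than the prefix should allow. I would add a comment above each `SPrefix =` line, for example `%% LIKE escape char must match the "escape '^'" clause in the query below`, or define the character once and use it in both places. The helper's body is not part of this diff, so presumably it also escapes a literal `^` in the input; a test with prefixes containing `%`, `_` and `^` would confirm that. The `list_users` clause head starts above the first hunk.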