From be3a4acb5547be957f910bd03c5683eccf797390 Mon Sep 17 00:00:00 2001
From: Alexey Shchepin
Date: Tue, 5 Jul 2016 17:45:37 +0300
Subject: Fix missed escaping in node_flat_sql.erl

---
 src/node_flat_sql.erl | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/node_flat_sql.erl b/src/node_flat_sql.erl
index 37615ca1e..8cd8e4ccd 100644
--- a/src/node_flat_sql.erl
+++ b/src/node_flat_sql.erl
@@ -914,12 +914,13 @@ first_in_list(Pred, [H | T]) ->
 end.
 
 itemids(Nidx, {_U, _S, _R} = JID) ->
- SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>,
+ SJID = encode_jid(JID),
+ SJIDLike = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>,
 case catch
 ejabberd_sql:sql_query_t(
 ?SQL("select @(itemid)s from pubsub_item where "
- "nodeid=%(Nidx)d and (publisher=%(JID)s"
- " or publisher like %(SJID)s escape '^') "
+ "nodeid=%(Nidx)d and (publisher=%(SJID)s"
+ " or publisher like %(SJIDLike)s escape '^') "
 "order by modification desc"))
 of
 {selected, RItems} ->
-- 
cgit v1.2.3
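Review bot: The new `SJIDLike` line still wraps the pattern in `ejabberd_sql:escape/1` before passing it as `%(SJIDLike)s`; if the `?SQL` macro already escapes `%(...)s` string parameters (as the switch to `%(SJID)s` with a plain `encode_jid(JID)` suggests), the value is escaped twice and a JID containing a quote or backslash would no longer match its own stored publisher rows. Consider `SJIDLike = <<(encode_jid_like(JID))/binary, "/%">>,` and leave SQL quoting to the macro, keeping only the LIKE-wildcard escaping that `encode_jid_like/1` presumably performs for `escape '^'`; it is worth confirming that helper covers `%`, `_` and `^`. The body of `itemids/2` continues past the end of the hunk, so its result handling is not visible here.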