Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64003

Messaging: Use sql_like_escape() to escape the search string in message_search_users()

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.6
    • 3.6.2
    • Messages
    • MOODLE_36_STABLE
    • MOODLE_36_STABLE
    • MDL-64003-master
    • Hide
      1. As admin create 3 users: User1 = Amanda Something, User2 = A%a Something, User3 = Ama_da Something
      2. Click on message icon to open message interface
      3. Click on Search input
      4. Search for 'A%a' and check that there's only one user as result 
      5. Search for 'Ama_da' and check that there's only one user as result 
      Show
      As admin create 3 users: User1 = Amanda Something, User2 = A%a Something, User3 = Ama_da Something Click on message icon to open message interface Click on Search input Search for 'A%a' and check that there's only one user as result  Search for 'Ama_da' and check that there's only one user as result 

    Description

      Currently, you can use the special chars, like % and _ in the search, and we shouldn't be able to do this.

      Attachments

        Activity

          People

            amaia Amaia Anabitarte
            jaked Jake Dallimore
            Mark Nelson Mark Nelson
            Jake Dallimore Jake Dallimore
            Janelle Barcega Janelle Barcega
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              14/Jan/19

              Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 20 minutes
                20m