escape like parameter for move queries

2015-11-05 16:32:08 +01:00 · 2015-11-05 16:32:08 +01:00 · d36e1bbab2
parent d514200b56
commit d36e1bbab2
1 changed files with 1 additions and 1 deletions
--- a/lib/private/files/cache/cache.php
+++ b/lib/private/files/cache/cache.php
@ -499,7 +499,7 @@ class Cache {
 		if ($sourceData['mimetype'] === 'httpd/unix-directory') {
 			//find all child entries
 			$sql = 'SELECT `path`, `fileid` FROM `*PREFIX*filecache` WHERE `storage` = ? AND `path` LIKE ?';
-			$result = $this->connection->executeQuery($sql, [$sourceStorageId, $sourcePath . '/%']);
+			$result = $this->connection->executeQuery($sql, [$sourceStorageId, $this->connection->escapeLikeParameter($sourcePath) . '/%']);
 			$childEntries = $result->fetchAll();
 			$sourceLength = strlen($sourcePath);
 			$this->connection->beginTransaction();