| Index: trunk/phase3/includes/LinkFilter.php |
| — | — | @@ -51,6 +51,7 @@ |
| 52 | 52 | * @param $prot String: protocol |
| 53 | 53 | */ |
| 54 | 54 | public static function makeLike( $filterEntry , $prot = 'http://' ) { |
| | 55 | + $db = wfGetDB( DB_MASTER ); |
| 55 | 56 | if ( substr( $filterEntry, 0, 2 ) == '*.' ) { |
| 56 | 57 | $subdomains = true; |
| 57 | 58 | $filterEntry = substr( $filterEntry, 2 ); |
| — | — | @@ -83,23 +84,23 @@ |
| 84 | 85 | $mailparts = explode( '@', $host ); |
| 85 | 86 | $domainpart = strtolower( implode( '.', array_reverse( explode( '.', $mailparts[1] ) ) ) ); |
| 86 | 87 | $host = $domainpart . '@' . $mailparts[0]; |
| 87 | | - $like = "$prot$host%"; |
| | 88 | + $like = $db->escapeLike( "$prot$host" ) . "%"; |
| 88 | 89 | } elseif ( $prot == 'mailto:' ) { |
| 89 | 90 | // domainpart of email adress only. do not add '.' |
| 90 | 91 | $host = strtolower( implode( '.', array_reverse( explode( '.', $host ) ) ) ); |
| 91 | | - $like = "$prot$host%"; |
| | 92 | + $like = $db->escapeLike( "$prot$host" ) . "%"; |
| 92 | 93 | } else { |
| 93 | 94 | $host = strtolower( implode( '.', array_reverse( explode( '.', $host ) ) ) ); |
| 94 | 95 | if ( substr( $host, -1, 1 ) !== '.' ) { |
| 95 | 96 | $host .= '.'; |
| 96 | 97 | } |
| 97 | | - $like = "$prot$host"; |
| | 98 | + $like = $db->escapeLike( "$prot$host" ); |
| 98 | 99 | |
| 99 | 100 | if ( $subdomains ) { |
| 100 | 101 | $like .= '%'; |
| 101 | 102 | } |
| 102 | 103 | if ( !$subdomains || $path !== '/' ) { |
| 103 | | - $like .= $path . '%'; |
| | 104 | + $like .= $db->escapeLike( $path ) . '%'; |
| 104 | 105 | } |
| 105 | 106 | } |
| 106 | 107 | return $like; |