2015-07-29, 04:03 AM
./admin/modules/user/users.php:3360
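The search term is escaped with escape_string() only, which leaves the LIKE wildcards % and _ untouched, so they still act as wildcards in the query.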
Reference:
$userfield_sql .= ' AND '.$db->escape_string($column)." LIKE '%".$db->escape_string($input)."%'";
should be
// escape_string_like() backslash-escapes % and _ before the normal string escaping, so the search term is matched literally inside the LIKE pattern.
// NOTE(review): $column is concatenated as an unquoted identifier; escape_string() is meant for string literals, so confirm $column is limited to known column names before this line.
$userfield_sql .= ' AND '.$db->escape_string($column)." LIKE '%".$db->escape_string_like($input)."%'";
Reference:
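/**
 * Escape a string used within a like command.
 *
 * The backslash is escaped along with % and _. The replacement already relies
 * on the backslash being the LIKE escape character, so a backslash supplied in
 * $string would otherwise pair with the backslash added in front of a
 * following % or _ and leave that character acting as a wildcard.
 *
 * @param string $string The string to be escaped.
 * @return string The escaped string.
 */
function escape_string_like($string)
{
	// strtr() with an array replaces in a single pass, so the backslashes added
	// here are never escaped a second time.
	$like_escaped = strtr($string, array(
		'\\' => '\\\\',
		'%' => '\\%',
		'_' => '\\_',
	));

	// LIKE-level escaping first, then the regular string-literal escaping.
	return $this->escape_string($like_escaped);
}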