From 3c75c3ded339199354b8123ffa735db82f52e8f2 Mon Sep 17 00:00:00 2001 From: John van Breda Date: Thu, 1 Apr 2021 18:03:08 +0100 Subject: [PATCH 1/2] Bugfixes - escaping doesn't work --- modules/indicia_svc_data/controllers/services/data.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/indicia_svc_data/controllers/services/data.php b/modules/indicia_svc_data/controllers/services/data.php index 256e0c0bc1..344648c5d7 100644 --- a/modules/indicia_svc_data/controllers/services/data.php +++ b/modules/indicia_svc_data/controllers/services/data.php @@ -1304,14 +1304,14 @@ protected function apply_get_parameters_to_db($count = FALSE) { } $where["$this->viewname.$param"] = $value; } - if ($this->view_columns[$param]['type'] === 'bool') { + elseif ($this->view_columns[$param]['type'] === 'bool') { if (!preg_match('/^[tf]$/i', trim($value))) { throw new ValidationError('Validation error', 2003, 'Invalid format for boolean column filter.'); } $where["$this->viewname.$param"] = $value; } elseif (strpos($value, '*') === FALSE) { - $where["$this->viewname.$param"] = pg_escape_string($value); + $where["$this->viewname.$param"] = $value; } else { $like["$this->viewname.$param"] = pg_escape_string(str_replace('*', '%', $value)); From 0b7980707c127bb1c5b0f9e67aae9d4b4828f692 Mon Sep 17 00:00:00 2001 From: John van Breda Date: Thu, 1 Apr 2021 18:03:33 +0100 Subject: [PATCH 2/2] Version bump --- application/config/version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/version.php b/application/config/version.php index 515806a84c..387dd6b84a 100644 --- a/application/config/version.php +++ b/application/config/version.php @@ -29,7 +29,7 @@ * * @var string */ -$config['version'] = '5.1.3'; +$config['version'] = '5.1.4'; /** * Version release date.