| author | 2025-12-03 23:43:03 +0100 | |
|---|---|---|
| committer | 2025-12-03 23:43:03 +0100 | |
| commit | a50e9a98dbf90839e4889d12e08bed11b2e22453 (patch) | |
| tree | 2cef63f8f2db2e96d6212bef4de03afc92008005 | |
| parent | 3c4a46e6ba23f310065334e08ecdf73360c330cd (diff) | |
Fix MySQL / MariaDB database size calculation (#8282)
The `_` is a special character in the SQL `LIKE` expression and was not escaped, leading to users counting for other users' size.
Stats for `freshrss` user included users `freshrss1` and `freshrss2` (but not vice versa).
Discovered during https://github.com/FreshRSS/FreshRSS/pull/8277
| -rw-r--r-- | app/Models/DatabaseDAO.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/Models/DatabaseDAO.php b/app/Models/DatabaseDAO.php index 3cd76ea0a..b34c0fc66 100644 --- a/app/Models/DatabaseDAO.php +++ b/app/Models/DatabaseDAO.php @@ -254,7 +254,7 @@ SQL; $values = [':table_schema' => $db['base']]; if (!$all) { $sql .= ' AND table_name LIKE :table_name'; - $values[':table_name'] = $this->pdo->prefix() . '%'; + $values[':table_name'] = addcslashes($this->pdo->prefix(), '%_') . '%'; } $res = $this->fetchColumn($sql, 0, $values); return isset($res[0]) ? (int)($res[0]) : -1; |
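Review bot: The character list passed to `addcslashes()` on the changed `$values[':table_name']` line covers `%` and `_` but not the backslash itself, so a prefix containing a literal `\` would still be read as an escape sequence by `LIKE`; consider `addcslashes($this->pdo->prefix(), '\\%_')`. The pattern also depends on the server's default `LIKE` escape character being a backslash, and adding an explicit `ESCAPE` clause next to `table_name LIKE :table_name` would make that assumption visible in the query. A short comment on why the prefix is escaped, plus a regression test with two prefixes such as `freshrss_` and `freshrss1_`, would keep this from being undone later.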
