From d36e1bbab23253673339a2b1b6d81a906d83fa5b Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Thu, 5 Nov 2015 16:32:08 +0100
Subject: [PATCH] escape like parameter for move queries

---
 lib/private/files/cache/cache.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/files/cache/cache.php b/lib/private/files/cache/cache.php
index 666385b5aa..4047724332 100644
--- a/lib/private/files/cache/cache.php
+++ b/lib/private/files/cache/cache.php
@@ -499,7 +499,7 @@ class Cache {
 		if ($sourceData['mimetype'] === 'httpd/unix-directory') {
 			//find all child entries
 			$sql = 'SELECT `path`, `fileid` FROM `*PREFIX*filecache` WHERE `storage` = ? AND `path` LIKE ?';
-			$result = $this->connection->executeQuery($sql, [$sourceStorageId, $sourcePath . '/%']);
+			$result = $this->connection->executeQuery($sql, [$sourceStorageId, $this->connection->escapeLikeParameter($sourcePath) . '/%']);
 			$childEntries = $result->fetchAll();
 			$sourceLength = strlen($sourcePath);
 			$this->connection->beginTransaction();
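Review bot: The escaped pattern on the `executeQuery` line only works if every supported backend treats the character emitted by `escapeLikeParameter` as the LIKE escape character, and the `$sql` string above it carries no explicit `ESCAPE` clause. Unless the connection layer adds one for backends that have no default escape character (not visible in this hunk), a source folder whose name contains `%` or `_` could still match unrelated paths there, or match no children at all. The diffstat shows no test change; a regression test that moves a folder named like `a_b` alongside a sibling `axb` and asserts the sibling's cache entries are untouched would pin the behaviour per backend. A short comment would also help the next reader, e.g. `// escape LIKE wildcards so only real children of $sourcePath match`. The enclosing method starts and ends outside the hunk.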
-- 
GitLab