security fix

webservice/soap/classes/class.ilSoapUserAdministration.php

@@ -711,8 +711,7 @@ public function searchUser(
 		          LEFT JOIN usr_pref
 		          ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
             $ilDB->quote("language", "text") .
-            "'language'
-		          WHERE 1 = 1 " . $query;
+            "  WHERE 1 = 1 " . $query;
 
         if ($active > -1) {
             $query .= " AND active = " . $ilDB->quote($active);
@@ -774,7 +773,7 @@ private function buildSearchQuery(array $a_keyfields, string $queryOperator, arr
             $field_query = array();
             foreach ($a_keyvalues as $keyvalue) {
                 if (strlen($keyvalue) >= 3) {
-                    $field_query [] = $keyfield . " like '%" . $keyvalue . "%'";
+                    $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
                 }
             }
             if (count($field_query)) {