From 9026fb39092d173a7b7f32d42831b59b9cf9b2ba Mon Sep 17 00:00:00 2001
From: jeph864
Date: Mon, 27 Nov 2023 11:52:39 +0100
Subject: [PATCH] security fix
---
 webservice/soap/classes/class.ilSoapUserAdministration.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/webservice/soap/classes/class.ilSoapUserAdministration.php b/webservice/soap/classes/class.ilSoapUserAdministration.php
index 82065583cd7c..13a6a9ef08d6 100755
--- a/webservice/soap/classes/class.ilSoapUserAdministration.php
+++ b/webservice/soap/classes/class.ilSoapUserAdministration.php
@@ -711,8 +711,7 @@ public function searchUser(
 LEFT JOIN usr_pref ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " . $ilDB->quote("language", "text") .
- "'language'
- WHERE 1 = 1 " . $query;
+ " WHERE 1 = 1 " . $query;
 if ($active > -1) {
 $query .= " AND active = " . $ilDB->quote($active);
@@ -774,7 +773,7 @@ private function buildSearchQuery(array $a_keyfields, string $queryOperator, arr
 $field_query = array();
 foreach ($a_keyvalues as $keyvalue) {
 if (strlen($keyvalue) >= 3) {
- $field_query [] = $keyfield . " like '%" . $keyvalue . "%'";
+ $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
 }
 }
 if (count($field_query)) {
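Review bot: The added line in searchUser still concatenates `$query` into the statement as-is, so the safety of the whole SELECT rests on how that fragment was assembled, which is not visible in this hunk. A comment directly above it would make that dependency explicit, for example `// $query is a pre-built WHERE fragment; every value in it must already be quoted via $ilDB`. In the trailing context, `$ilDB->quote($active)` passes no type while the neighbouring call passes "text"; `$ilDB->quote($active, "integer")` would keep the calls consistent. searchUser starts before and continues after the hunk.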
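Review bot: The replacement line in buildSearchQuery now quotes the value through `$ilDB->like()`, but `$keyfield` is still taken directly from `$a_keyfields` and protected only by `quoteIdentifier()`. If those names can originate from the SOAP request, checking them against a fixed list of searchable columns is the stronger guard, e.g. `if (!in_array($keyfield, $allowed_fields, true)) { continue; }`, where `$allowed_fields` is a placeholder for the permitted column names. `%` and `_` inside `$keyvalue` are also still interpreted as LIKE wildcards, so the `strlen($keyvalue) >= 3` check does not bound how broad a match can be. The method body begins and ends outside the hunk and the diff adds no assignment of `$ilDB`, so confirm it is in scope in this method.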