From a50e9a98dbf90839e4889d12e08bed11b2e22453 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Wed, 3 Dec 2025 23:43:03 +0100
Subject: [PATCH] Fix MySQL / MariaDB database size calculation (#8282)

The `_` is a special character in the SQL `LIKE` expression and was not escaped, leading to users counting for other users size. Stats for `freshrss` user included users `freshrss1` and `freshrss2` (but not vice versa). Discovered during https://github.com/FreshRSS/FreshRSS/pull/8277
---
 app/Models/DatabaseDAO.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Models/DatabaseDAO.php b/app/Models/DatabaseDAO.php
index 3cd76ea0a..b34c0fc66 100644
--- a/app/Models/DatabaseDAO.php
+++ b/app/Models/DatabaseDAO.php
@@ -254,7 +254,7 @@ SQL;
 $values = [':table_schema' => $db['base']];
 if (!$all) {
 $sql .= ' AND table_name LIKE :table_name';
- $values[':table_name'] = $this->pdo->prefix() . '%';
+ $values[':table_name'] = addcslashes($this->pdo->prefix(), '%_') . '%';
 }
 $res = $this->fetchColumn($sql, 0, $values);
 return isset($res[0]) ? (int)($res[0]) : -1;
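Review bot: The escaping on the new `$values[':table_name']` line covers `%` and `_` but not the backslash itself, and it relies on `\` being the active LIKE escape character on the server. If a prefix could ever contain a backslash (not determinable from this hunk), it would merge with the character after it; `addcslashes($this->pdo->prefix(), '\\%_')` closes that gap. On a MySQL server running with the `NO_BACKSLASH_ESCAPES` SQL mode no default LIKE escape character is used, so `_` would stay a wildcard and one user's size figure could again include other users' tables; an explicit `ESCAPE` clause on the `LIKE :table_name` line, paired with a matching escape routine, would make the result independent of server configuration. The enclosing method begins above the hunk, so how `prefix()` is constrained is not visible here.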