mirror of
https://github.com/ZoneMinder/zoneminder.git
synced 2026-05-08 14:43:37 -04:00
f09d77ae89
zmDbDo built log messages by s/\?/'%s'/g on the SQL and then passing the result to sprintf with the bind values. Any literal % in the SQL (LIKE '%foo%' patterns, or the disk-percent substitution used by dynamic filters) was interpreted as a sprintf format spec, producing garbage output or an uncaught sprintf error. Replace the two-step approach with a single regex that substitutes bind values directly, so literal % in the SQL is preserved verbatim. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>