From b87f3f4817245e74cb10d823cac41885095163f4 Mon Sep 17 00:00:00 2001
From: vnmedeiros
Date: Tue, 27 Aug 2024 23:37:42 -0300
Subject: [PATCH] fix: avoid inject SQL in search

---
 .../class-tainacan-rest-background-processes-controller.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/classes/api/endpoints/class-tainacan-rest-background-processes-controller.php b/src/classes/api/endpoints/class-tainacan-rest-background-processes-controller.php
index e127bb439..7f237fa78 100644
--- a/src/classes/api/endpoints/class-tainacan-rest-background-processes-controller.php
+++ b/src/classes/api/endpoints/class-tainacan-rest-background-processes-controller.php
@@ -192,8 +192,8 @@ class REST_Background_Processes_Controller extends REST_Controller {
 $process_type = '';
 if (isset($request['search'])) {
 $name = $request['search'];
-$process_type = "AND name LIKE '%$name%'";
-$process_type = $wpdb->prepare($process_type);
+$search_term_like = '%' . $wpdb->esc_like($name) . '%';
+$process_type = $wpdb->prepare("AND name LIKE %s", $search_term_like);
 }
 $recent_q = '';