Last modified: 2009-01-25 09:13:23 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T19150, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 17150 - escapeLike should double escape \
escapeLike should double escape \
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Database (Other open bugs)
1.15.x
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-24 20:45 UTC by Niklas Laxström
Modified: 2009-01-25 09:13 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Niklas Laxström 2009-01-24 20:45:37 UTC 
In http://dev.mysql.com/doc/refman/5.0/en/string-comparison-functions.html there is note:


Because MySQL uses C escape syntax in strings (for example, “\n” to represent a newline character), you must double any “\” that you use in LIKE strings. For example, to search for “\n”, specify it as “\\n”. To search for “\”, specify it as “\\\\”; this is because the backslashes are stripped once by the parser and again when the pattern match is made, leaving a single backslash to be matched against. (Exception: At the end of the pattern string, backslash can be specified as “\\”. At the end of the string, backslash stands for itself because there is nothing following to escape.)


This will break if literal \ is in user input, failing to provide matches. PostgreSQL seems to have same behaviour. Suggested fix is to escape \ one more time in escapeLike:

-               $s=str_replace(array('%','_'),array('\%','\_'),$s);
+               $s=str_replace(array('%','_','\\'),array('\%','\_','\\\\'),$s);
Comment 1 Niklas Laxström 2009-01-25 09:13:23 UTC 
Committed r46190.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links