From: U-REDMOND\emadelw <emadelwany@hotmail.com>
Date: Tue, 23 Sep 2014 23:23:49 +0000 (-0700)
Subject: Fix escaping for MSSQL LIKE queries.
X-Git-Tag: 1.31.0-rc.0~7195^2
X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dmembres/cotisations/gestion/rappel_supprimer.php?a=commitdiff_plain;h=59136fdaf0a759b7b6744d3653b8315d7afcfe8d;p=lhc%2Fweb%2Fwiklou.git

Fix escaping for MSSQL LIKE queries.

MSSQL allows for more operators than standard LIKE queries. In addition,
an ESCAPE clause must be specified in order to backslash-escapes to work.

Bug: T73207
Change-Id: Idadf9d56cadc48cf47d000598d8a3214c684f9d5
---

diff --git a/includes/db/DatabaseMssql.php b/includes/db/DatabaseMssql.php
index af3cc72d8c..1f39e1fcb8 100644
--- a/includes/db/DatabaseMssql.php
+++ b/includes/db/DatabaseMssql.php
@@ -1164,6 +1164,35 @@ class DatabaseMssql extends DatabaseBase {
 		return strlen( $name ) && $name[0] == '[' && substr( $name, -1, 1 ) == ']';
 	}
 
+	/**
+	 * MS SQL supports more pattern operators than other databases (ex: [,],^)
+	 *
+	 * @param string $s
+	 * @return string
+	 */
+	protected function escapeLikeInternal( $s ) {
+		return addcslashes( $s, '\%_[]^' );
+	}
+
+	/**
+	 * MS SQL requires specifying the escape character used in a LIKE query
+	 * or using Square brackets to surround characters that are to be escaped
+	 * http://msdn.microsoft.com/en-us/library/ms179859.aspx
+	 * Here we take the Specify-Escape-Character approach since it's less
+	 * invasive, renders a query that is closer to other DB's and better at
+	 * handling square bracket escaping
+	 *
+	 * @return string Fully built LIKE statement
+	 */
+	public function buildLike() {
+		$params = func_get_args();
+		if ( count( $params ) > 0 && is_array( $params[0] ) ) {
+			$params = $params[0];
+		}
+
+		return parent::buildLike( $params ) . " ESCAPE '\' ";
+	}
+
 	/**
 	 * @param string $db
 	 * @return bool