X-Git-Url: http://git.cyclocoop.org/%40spipnet%40?a=blobdiff_plain;f=includes%2Flibs%2Frdbms%2Fdatabase%2FDatabase.php;h=88a883ade736a4e28f9d990114ae639370f40aab;hb=eb72adcb4e28eedc1806d845355856bd6f97dadb;hp=0915b7deed1d6d238841e15deedf417bb77cb272;hpb=fd00600a94ef3c9871b9c4610a10333bf0489a9e;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/libs/rdbms/database/Database.php b/includes/libs/rdbms/database/Database.php
index 0915b7deed..88a883ade7 100644
--- a/includes/libs/rdbms/database/Database.php
+++ b/includes/libs/rdbms/database/Database.php
@@ -2019,8 +2019,10 @@ abstract class Database implements IDatabase, IMaintainableDatabase, LoggerAware
 * @param string $s
 * @return string
 */
- protected function escapeLikeInternal( $s ) {
- return addcslashes( $s, '\%_' );
+ protected function escapeLikeInternal( $s, $escapeChar = '`' ) {
+ return str_replace( [ $escapeChar, '%', '_' ],
+ [ "{$escapeChar}{$escapeChar}", "{$escapeChar}%", "{$escapeChar}_" ],
+ $s );
 }
 
 public function buildLike() {
@@ -2032,15 +2034,21 @@ abstract class Database implements IDatabase, IMaintainableDatabase, LoggerAware
 
 $s = '';
 
+ // We use ` instead of \ as the default LIKE escape character, since addQuotes()
+ // may escape backslashes, creating problems of double escaping. The `
+ // character has good cross-DBMS compatibility, avoiding special operators
+ // in MS SQL like ^ and %
+ $escapeChar = '`';
+
 foreach ( $params as $value ) {
 if ( $value instanceof LikeMatch ) {
 $s .= $value->toString();
 } else {
- $s .= $this->escapeLikeInternal( $value );
+ $s .= $this->escapeLikeInternal( $value, $escapeChar );
 }
 }
 
- return " LIKE {$this->addQuotes( $s )} ";
+ return ' LIKE ' . $this->addQuotes( $s ) . ' ESCAPE ' . $this->addQuotes( $escapeChar ) . ' ';
 }
 
 public function anyChar() {
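Review bot: `escapeLikeInternal()` gains an `$escapeChar` parameter that the docblock above it does not describe, and the `str_replace()` call is only correct for a single escape character that is neither `%` nor `_`. `str_replace()` applies its search entries in sequence, so an escape character equal to a wildcard would be escaped twice, and an empty string would leave `%` and `_` unescaped in the LIKE pattern. I would add `@param string $escapeChar Single LIKE escape character; must not be % or _` to the docblock, whose opening line is outside the hunk. A single-pass `strtr( $s, [ $escapeChar => $escapeChar . $escapeChar, '%' => $escapeChar . '%', '_' => $escapeChar . '_' ] )` would also remove the dependence on entry order.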
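Review bot: `buildLike()` now appends an `ESCAPE` clause unconditionally, so every backend subclass that overrides `escapeLikeInternal()` or `buildLike()` has to escape with the same character; no subclass is visible in this diff, so that needs checking before merge. Where an override still escapes with a backslash, `%` and `_` in caller-supplied values would act as wildcards and the LIKE would match more rows than the caller intended. The escape character is also written twice, as the local `$escapeChar` here and as the parameter default in `escapeLikeInternal()`; defining it once, for example as a class constant read by both, keeps the pattern and the `ESCAPE` clause from drifting apart. A test for a value containing a backtick, `%`, `_` and a backslash would pin the new behaviour; `buildLike()` starts outside the hunk.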