From 59136fdaf0a759b7b6744d3653b8315d7afcfe8d Mon Sep 17 00:00:00 2001
From: "U-REDMOND\\emadelw" <emadelwany@hotmail.com>
Date: Tue, 23 Sep 2014 16:23:49 -0700
Subject: [PATCH] Fix escaping for MSSQL LIKE queries.

MSSQL allows for more operators than standard LIKE queries. In addition,
an ESCAPE clause must be specified in order to backslash-escapes to work.

Bug: T73207
Change-Id: Idadf9d56cadc48cf47d000598d8a3214c684f9d5
---
 includes/db/DatabaseMssql.php | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/includes/db/DatabaseMssql.php b/includes/db/DatabaseMssql.php
index af3cc72d8c..1f39e1fcb8 100644
--- a/includes/db/DatabaseMssql.php
+++ b/includes/db/DatabaseMssql.php
@@ -1164,6 +1164,35 @@ class DatabaseMssql extends DatabaseBase {
 		return strlen( $name ) && $name[0] == '[' && substr( $name, -1, 1 ) == ']';
 	}
 
+	/**
+	 * MS SQL supports more pattern operators than other databases (ex: [,],^)
+	 *
+	 * @param string $s
+	 * @return string
+	 */
+	protected function escapeLikeInternal( $s ) {
+		return addcslashes( $s, '\%_[]^' );
+	}
+
+	/**
+	 * MS SQL requires specifying the escape character used in a LIKE query
+	 * or using Square brackets to surround characters that are to be escaped
+	 * http://msdn.microsoft.com/en-us/library/ms179859.aspx
+	 * Here we take the Specify-Escape-Character approach since it's less
+	 * invasive, renders a query that is closer to other DB's and better at
+	 * handling square bracket escaping
+	 *
+	 * @return string Fully built LIKE statement
+	 */
+	public function buildLike() {
+		$params = func_get_args();
+		if ( count( $params ) > 0 && is_array( $params[0] ) ) {
+			$params = $params[0];
+		}
+
+		return parent::buildLike( $params ) . " ESCAPE '\' ";
+	}
+
 	/**
 	 * @param string $db
 	 * @return bool
-- 
2.20.1