From 0e05b62eeb2159b1a5dcf40739252d2fc9a37fcc Mon Sep 17 00:00:00 2001 From: Thierry Parmentelat Date: Fri, 5 Jun 2009 04:19:47 +0000 Subject: [PATCH] bugfix for filters based on a pattern with *f or *d e.g. GetPersons({'email':'*fake*'}) resulted in an sql fragment "email LIKE '%sake%'" --- PLC/Filter.py | 7 ++++++- PLC/PostgreSQL.py | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/PLC/Filter.py b/PLC/Filter.py index c90f713..c69a5e0 100644 --- a/PLC/Filter.py +++ b/PLC/Filter.py @@ -139,7 +139,12 @@ class Filter(Parameter, dict): elif isinstance(value, StringTypes) and \ (value.find("*") > -1 or value.find("%") > -1): operator = "LIKE" - value = str(api.db.quote(value.replace("*", "%"))) + # insert *** in pattern instead of either * or % + # we dont use % as requests are likely to %-expansion later on + # actual replacement to % done in PostgreSQL.py + value = value.replace ('*','***') + value = value.replace ('%','***') + value = str(api.db.quote(value)) else: operator = "=" if modifiers['<']: diff --git a/PLC/PostgreSQL.py b/PLC/PostgreSQL.py index 9dcae20..2c2d0b3 100644 --- a/PLC/PostgreSQL.py +++ b/PLC/PostgreSQL.py @@ -166,8 +166,13 @@ class PostgreSQL: # psycopg2 requires %()s format for all parameters, # regardless of type. + # this needs to be done carefully though as with pattern-based filters + # we might have percents embedded in the query + # so e.g. GetPersons({'email':'*fake*'}) was resulting in .. LIKE '%sake%' if psycopg2: query = re.sub(r'(%\([^)]*\)|%)[df]', r'\1s', query) + # rewrite wildcards set by Filter.py as '***' into '%' + query = query.replace ('***','%') if not params: if self.debug: -- 2.43.0