elif isinstance(value, StringTypes) and \
(value.find("*") > -1 or value.find("%") > -1):
operator = "LIKE"
- value = str(api.db.quote(value.replace("*", "%")))
+ # insert *** in pattern instead of either * or %
+ # we dont use % as requests are likely to %-expansion later on
+ # actual replacement to % done in PostgreSQL.py
+ value = value.replace ('*','***')
+ value = value.replace ('%','***')
+ value = str(api.db.quote(value))
else:
operator = "="
if modifiers['<']:
# psycopg2 requires %()s format for all parameters,
# regardless of type.
+ # this needs to be done carefully though as with pattern-based filters
+ # we might have percents embedded in the query
+ # so e.g. GetPersons({'email':'*fake*'}) was resulting in .. LIKE '%sake%'
if psycopg2:
query = re.sub(r'(%\([^)]*\)|%)[df]', r'\1s', query)
+ # rewrite wildcards set by Filter.py as '***' into '%'
+ query = query.replace ('***','%')
if not params:
if self.debug: