bugfix for filters based on a pattern with *f or *d

e.g. GetPersons({'email':'*fake*'}) resulted in an sql fragment "email LIKE '%sake%'"

diff --git a/PLC/Filter.py b/PLC/Filter.py
index c90f713..c69a5e0 100644 (file)
--- a/PLC/Filter.py
+++ b/PLC/Filter.py
@@ -139,7 +139,12 @@ class Filter(Parameter, dict):
                     elif isinstance(value, StringTypes) and \
                             (value.find("*") > -1 or value.find("%") > -1):
                         operator = "LIKE"
-                        value = str(api.db.quote(value.replace("*", "%")))
+                        # insert *** in pattern instead of either * or %
+                        # we dont use % as requests are likely to %-expansion later on
+                        # actual replacement to % done in PostgreSQL.py
+                        value = value.replace ('*','***')
+                        value = value.replace ('%','***')
+                        value = str(api.db.quote(value))
                     else:
                         operator = "="
                         if modifiers['<']:

diff --git a/PLC/PostgreSQL.py b/PLC/PostgreSQL.py
index 9dcae20..2c2d0b3 100644 (file)
--- a/PLC/PostgreSQL.py
+++ b/PLC/PostgreSQL.py
@@ -166,8 +166,13 @@ class PostgreSQL:
 
             # psycopg2 requires %()s format for all parameters,
             # regardless of type.
+            # this needs to be done carefully though as with pattern-based filters
+            # we might have percents embedded in the query
+            # so e.g. GetPersons({'email':'*fake*'}) was resulting in .. LIKE '%sake%'
             if psycopg2:
                 query = re.sub(r'(%\([^)]*\)|%)[df]', r'\1s', query)
+            # rewrite wildcards set by Filter.py as '***' into '%'
+            query = query.replace ('***','%')
 
             if not params:
                 if self.debug: