groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-10 21:19:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Escape like pattern % and _ so that search containing these chars work like expected

Browse source 
This fixes issue #1075
This commit is contained in:
Jan Böhmer 2025-10-19 00:00:03 +02:00
parent 377feaf566
commit 5dbe4ba00b
3 changed files with 15 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/DataTables/Filters/Constraints/TextConstraint.php
View file

@ -96,14 +96,15 @@ class TextConstraint extends AbstractConstraint
//The CONTAINS, LIKE, STARTS and ENDS operators use the LIKE operator, but we have to build the value string differently
$like_value = null;
$escaped_value = str_replace(['%', '_'], ['\%', '\_'], $this->value);
if ($this->operator === 'LIKE') {
$like_value = $this->value;
$like_value = $this->value; //Here we do not escape anything, as the user may provide % and _ wildcards
} elseif ($this->operator === 'STARTS') {
$like_value = $this->value . '%';
$like_value = $escaped_value . '%';
} elseif ($this->operator === 'ENDS') {
$like_value = '%' . $this->value;
$like_value = '%' . $escaped_value;
} elseif ($this->operator === 'CONTAINS') {
$like_value = '%' . $this->value . '%';
$like_value = '%' . $escaped_value . '%';
}
if ($like_value !== null) {

2
src/DataTables/Filters/PartSearchFilter.php
View file

@ -144,6 +144,8 @@ class PartSearchFilter implements FilterInterface
if ($this->regex) {
$queryBuilder->setParameter('search_query', $this->keyword);
} else {
//Escape % and _ characters in the keyword
$this->keyword = str_replace(['%', '_'], ['\%', '\_'], $this->keyword);
$queryBuilder->setParameter('search_query', '%' . $this->keyword . '%');
}
}