r46285 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r46284‎ \| r46285 \| r46286 >
Date:	21:00, 26 January 2009
Author:	nikerabbit
Status:	ok (Comments)
Tags:	todo
Comment:	* Escape backslashes before normal escaping, to not counteract the effect
Modified paths:	/trunk/phase3/includes/db/Database.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/db/Database.php
—	—	@@ -1620,8 +1620,9 @@
1621	1621	* Escape string for safe LIKE usage
1622	1622	*/
1623	1623	function escapeLike( $s ) {
	1624	+ $s=str_replace('\\','\\\\',$s);
1624	1625	$s=$this->strencode( $s );
1625		~~- $s=str_replace(array('%','_','\\'),array('\%','\_','\\\\'),$s);~~
	1626	+ $s=str_replace(array('%','_'),array('\%','\_'),$s);
1626	1627	return $s;
1627	1628	}
1628	1629

Comments

#Comment by Brion VIBBER (talk | contribs) 23:53, 26 January 2009

Hrmfl...

At this point I might recommend that we deprecate the current escapeLike and make a sensible one that just does the \ % and _ bits without attempting to do a general escape... a decent chunk of current uses of escapeLike() are feeding the result into addQuotes(), which now results in an extra escaping. Blech!

#Comment by Nikerabbit (talk | contribs) 07:56, 27 January 2009

so 1) revert escapeLike to what it was 2) create escapeForLikeOnly which escapes \%_ and needs manually to be run trough strencode/addQuotes?

#Comment by Brion VIBBER (talk | contribs) 23:28, 27 January 2009

Well, leave this as it is now and add another one I guess..... Changing from a fixme to a todo.

Status & tagging log

23:28, 27 January 2009 Brion VIBBER (talk | contribs) changed the tags for r46285 [added: todo]
23:28, 27 January 2009 Brion VIBBER (talk | contribs) changed the status of r46285 [removed: fixme added: ok]
23:53, 26 January 2009 Brion VIBBER (talk | contribs) changed the status of r46285 [removed: new added: fixme]