[BUGFIX] Add `ESCAPE` keyword for `like()` and `notLike() expressions
Values for `like` expressions should be escaping the corresponding like wildcards ($ and _). TYPO3 core provides a `escapeLikeWildcards()` in `QueryBuilder` and on the `Connection`. Under the hood, the php `addcslashes()` method is used to escape wildcards in the value before appending/prepending wildcards. It has been assumed, that `\` as escape character is always the default character throughout all database server vendors and versions - which makes `addcslashes()` the one-shot to use. It has been recently discovered, that if values in the database contains one of these wildcards, for example the underscore `_` and a like expression is built using the escape method, the row cannot be matched in all databases. This relates to the fact, that the generated like expressions do not contains the `ESCAPE` keyword to define which escape character has been used. `doctrine/dbal` has added a corresponding argument to the doctrine/dbal query ExpressionBuilder like() and notLike() method, so this can be set. TYPO3 uses a custom ExpressionBuilder, not extending the doctrine ExpressionBuilder (which will change with upcoming doctrine/dbal v4). This change always adds the `ESCAPE` keyword to like and not like expressions with the hardcoded `\` escape character - except for PostgresSQL. PostgresSQL doesn't like it when ILIKE/NOT ILIKE is used, which the ExpressionBuilder does to mimic case insensitive LIKE/NOT LIKE similar to MySql. This can be made configurable in a dedicated patch and must be done for upgrading to doctrine/dbal 4.x anyway. Resolves: #100874 Releases: main, 12.4, 11.5 Change-Id: Id7eb891ef52e8c6988a605eaadd0afcbcf5176bb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79027 Tested-by:Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Stefan Froemken <froemken@gmail.com> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Showing
- typo3/sysext/core/Classes/Database/Query/Expression/ExpressionBuilder.php 4 additions, 2 deletions...e/Classes/Database/Query/Expression/ExpressionBuilder.php
- typo3/sysext/core/Tests/Functional/Database/Fixtures/DataSet/TestExpressionBuilderLikeAndNotLike.csv 3 additions, 0 deletions.../Fixtures/DataSet/TestExpressionBuilderLikeAndNotLike.csv
- typo3/sysext/core/Tests/Functional/Database/Query/Expression/ExpressionBuilderTest.php 124 additions, 2 deletions...ional/Database/Query/Expression/ExpressionBuilderTest.php
- typo3/sysext/core/Tests/Unit/Database/Query/Expression/ExpressionBuilderTest.php 8 additions, 2 deletions.../Unit/Database/Query/Expression/ExpressionBuilderTest.php
- typo3/sysext/indexed_search/Tests/Functional/Utility/LikeWildcardTest.php 3 additions, 0 deletions...exed_search/Tests/Functional/Utility/LikeWildcardTest.php
Please register or sign in to comment