From afea98dc735a6a7a76b21edc93174f1102329165 Mon Sep 17 00:00:00 2001 From: Matthew Jordan Date: Tue, 10 Mar 2015 21:33:40 +0000 Subject: [PATCH] res/res_config_odbc: Fix improper escaping of backslashes with MySQL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When escaping backslashes with MySQL, the proper way to escape the characters in a LIKE clause is to escape the '\' four times, i.e., '\\\\'. To quote the MySQL manual: "Because MySQL uses C escape syntax in strings (for example, “\n” to represent a newline character), you must double any “\” that you use in LIKE strings. For example, to search for “\n”, specify it as “\\n”. To search for “\”, specify it as “\\\\”; this is because the backslashes are stripped once by the parser and again when the pattern match is made, leaving a single backslash to be matched against." ASTERISK-24808 #close Reported by: Javier Acosta patches: res_config_odbc.diff uploaded by Javier Acosta (License 6690) ........ Merged revisions 432720 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@432721 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- res/res_config_odbc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/res/res_config_odbc.c b/res/res_config_odbc.c index 1a47ba5945..2888d35973 100644 --- a/res/res_config_odbc.c +++ b/res/res_config_odbc.c @@ -198,11 +198,11 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl op = !strchr(field->name, ' ') ? " =" : ""; snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?%s", table, field->name, op, - strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : ""); + strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : ""); while ((field = field->next)) { op = !strchr(field->name, ' ') ? " =" : ""; snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", field->name, op, - strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : ""); + strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : ""); } if (ast_string_field_init(&cps, 256)) { @@ -360,11 +360,11 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char * op = !strchr(field->name, ' ') ? " =" : ""; snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?%s", table, field->name, op, - strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : ""); + strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : ""); while ((field = field->next)) { op = !strchr(field->name, ' ') ? " =" : ""; snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", field->name, op, - strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : ""); + strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : ""); } snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ORDER BY %s", initfield);