From 7bcee7994b97d0360028b609fb6799d3217cbda6 Mon Sep 17 00:00:00 2001 From: "deb.monish" Date: Thu, 30 Jun 2016 11:09:06 +0530 Subject: [PATCH] CRM-19006: option values with commas are unsearchable --- CRM/Core/BAO/CustomQuery.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/CRM/Core/BAO/CustomQuery.php b/CRM/Core/BAO/CustomQuery.php index c2a1db9f51..ce3586a5fa 100644 --- a/CRM/Core/BAO/CustomQuery.php +++ b/CRM/Core/BAO/CustomQuery.php @@ -345,7 +345,12 @@ SELECT f.id, f.label, f.data_type, $op = key($value); $value = $value[$op]; } - $value = implode(',', (array) $value); + // CRM-19006: escape characters like comma, | before building regex pattern + $value = (array) $value; + foreach ($value as $key => $val) { + $value[$key] = str_replace(array('|', '[', ']', ','), array('\|', '\[', '\]', '[:comma:]'), $val); + } + $value = implode(',', $value); } // CRM-14563,CRM-16575 : Special handling of multi-select custom fields @@ -353,8 +358,7 @@ SELECT f.id, f.label, f.data_type, $sp = CRM_Core_DAO::VALUE_SEPARATOR; if (strstr($op, 'IN')) { $value = str_replace(",", "$sp|$sp", $value); - $value = str_replace('(', '[[.left-parenthesis.]]', $value); - $value = str_replace(')', '[[.right-parenthesis.]]', $value); + $value = str_replace(array('[:comma:]', '(', ')'), array(',', '[[.left-parenthesis.]]', '[[.right-parenthesis.]]'), $value); } $op = (strstr($op, '!') || strstr($op, 'NOT')) ? 'NOT RLIKE' : 'RLIKE'; $value = $sp . $value . $sp; -- 2.25.1