From badd52a64501f75d081bdc9e2e4e7672b3e31999 Mon Sep 17 00:00:00 2001
From: omar abu hussein <opetmar91@gmail.com>
Date: Wed, 23 Nov 2016 22:19:17 +0200
Subject: [PATCH] CRM-16575: Backport #5913 to 4.6 branch

---
 CRM/Core/BAO/CustomQuery.php | 42 ++++++++++++++++++++++++------------
 1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/CRM/Core/BAO/CustomQuery.php b/CRM/Core/BAO/CustomQuery.php
index 561bea973d..0ecf2898be 100644
--- a/CRM/Core/BAO/CustomQuery.php
+++ b/CRM/Core/BAO/CustomQuery.php
@@ -371,32 +371,46 @@ SELECT label, value
                 else {
                   $value = CRM_Utils_Type::escape($value, 'Integer');
                 }
+                $value = str_replace(array('[', ']', ','), array('\[', '\]', '[:comma:]'), $value);
+                $value = str_replace('|', '[:separator:]', $value);
               }
               elseif ($isSerialized) {
                 if (in_array(key($value), CRM_Core_DAO::acceptedSQLOperators(), TRUE)) {
                   $op = key($value);
                   $value = $value[$op];
                 }
-                $value = implode(',', (array) $value);
+                // CRM-19006: escape characters like comma, | before building regex pattern
+                $value = (array) $value;
+                foreach ($value as $key => $val) {
+                  $value[$key] = str_replace(array('[', ']', ','), array('\[', '\]', '[:comma:]'), $val);
+                  $value[$key] = str_replace('|', '[:separator:]', $value[$key]);
+                }
+                $value = implode(',', $value);
               }
 
               // CRM-14563,CRM-16575 : Special handling of multi-select custom fields
-              if ($isSerialized && !empty($value) && !strstr($op, 'NULL') && !strstr($op, 'LIKE')) {
-                if (strstr($op, 'IN')) {
-                  $value = str_replace(",", "[[:cntrl:]]*|[[:cntrl:]]*", $value);
-                  $value = str_replace('(', '[[.left-parenthesis.]]', $value);
-                  $value = str_replace(')', '[[.right-parenthesis.]]', $value);
-                }
+              if ($isSerialized && !CRM_Utils_System::isNull($value) && !strstr($op, 'NULL') && !strstr($op, 'LIKE')) {
+                $sp = CRM_Core_DAO::VALUE_SEPARATOR;
+                $value = str_replace(",", "$sp|$sp", $value);
+                $value = str_replace(array('[:comma:]', '(', ')'), array(',', '[[.left-parenthesis.]]', '[[.right-parenthesis.]]'), $value);
                 $op = (strstr($op, '!') || strstr($op, 'NOT')) ? 'NOT RLIKE' : 'RLIKE';
-                $value = "[[:cntrl:]]*" . $value . "[[:cntrl:]]*";
+                $value = $sp . $value . $sp;
                 if (!$wildcard) {
-                  $value = str_replace("[[:cntrl:]]*|", '', $value);
+                  foreach (explode("|", $value) as $val) {
+                    $val = str_replace('[:separator:]', '\|', $val);
+                    $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $val, 'String');
+                  }
+                }
+                else {
+                  $value = str_replace('[:separator:]', '\|', $value);
+                  $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
                 }
               }
-
-              //FIX for custom data query fired against no value(NULL/NOT NULL)
-              $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
-              $this->_qill[$grouping][] = "$field[label] $qillOp $qillValue";
+              else {
+                //FIX for custom data query fired against no value(NULL/NOT NULL)
+                $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'String');
+              }
+              $this->_qill[$grouping][] = $field['label'] . " $qillOp $qillValue";
             }
             break;
 
@@ -408,7 +422,7 @@ SELECT label, value
 
           case 'Int':
             $this->_where[$grouping][] = CRM_Contact_BAO_Query::buildClause($fieldName, $op, $value, 'Integer');
-            $this->_qill[$grouping][] = ts("%1 %2 %3", array(1 => $field['label'], 2 => $qillOp, 3 => $qillValue));;
+            $this->_qill[$grouping][] = ts("%1 %2 %3", array(1 => $field['label'], 2 => $qillOp, 3 => $qillValue));
             break;
 
           case 'Boolean':
-- 
2.25.1