From ba5f3d6d9452c76687683fc3c56cd9f2aa5539e0 Mon Sep 17 00:00:00 2001 From: Ansgar Burchardt Date: Sat, 18 Aug 2012 18:43:36 +0200 Subject: [PATCH] dak/process_policy.py: escape '_' in string passed to SQL LIKE operator later --- dak/process_policy.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dak/process_policy.py b/dak/process_policy.py index 77bc448a..8103fd0b 100755 --- a/dak/process_policy.py +++ b/dak/process_policy.py @@ -68,6 +68,10 @@ def do_comments(dir, srcqueue, opref, npref, line, fn, transaction): else: changes_prefix = changes_prefix + '.changes' + # We need to escape "_" as we use it with the LIKE operator (via the + # SQLA startwith) later. + changes_prefix = changes_prefix.replace("_", r"\_") + uploads = session.query(PolicyQueueUpload).filter_by(policy_queue=srcqueue) \ .join(PolicyQueueUpload.changes).filter(DBChange.changesname.startswith(changes_prefix)) \ .order_by(PolicyQueueUpload.source_id) -- 2.39.5