From 1f7a6fdc63347d6d03be119247b0be13daf7278e Mon Sep 17 00:00:00 2001
From: denise
Date: Fri, 24 Aug 2012 10:29:28 -0400
Subject: [PATCH] CC-4262: Smart Block: Characters do not get escaped properly -fixed
---
 airtime_mvc/application/models/Block.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/airtime_mvc/application/models/Block.php b/airtime_mvc/application/models/Block.php
index cf0cce9f9..87b0bf524 100644
--- a/airtime_mvc/application/models/Block.php
+++ b/airtime_mvc/application/models/Block.php
@@ -1181,7 +1181,17 @@ EOT;
 $criteria['extra'] *= 1000;
 }
 } else {
- $spCriteriaValue = addslashes($criteria['value']);
+ /* Propel does not escape special characters properly when using LIKE/ILIKE
+ * We have to add extra slashes in these cases
+ */
+ $tempModifier = trim(self::$modifier2CriteriaMap[$spCriteriaModifier]);
+ if ($tempModifier == 'ILIKE') {
+ $spCriteriaValue = addslashes($criteria['value']);
+ // addslashes() does not esapce '%' so we have to do it manually
+ $spCriteriaValue = str_replace('%', '\%', $spCriteriaValue);
+ } else {
+ $spCriteriaValue = ($criteria['value']);
+ }
 }
 if ($spCriteriaModifier == "starts with") {
@@ -1224,7 +1234,6 @@ EOT;
 }
 try {
 $out = $qry->setFormatter(ModelCriteria::FORMAT_ON_DEMAND)->find();
-
 return array("files"=>$out, "limit"=>$limits, "count"=>$out->count());
 } catch (Exception $e) {
 Logging::info($e);
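Review bot: The new ILIKE branch escapes `%` but not `_`, which is also a LIKE wildcard, so a criteria value containing an underscore still matches any single character; the replace could cover both, `$spCriteriaValue = str_replace(array('%', '_'), array('\%', '\_'), $spCriteriaValue);`. The added comment speaks of LIKE/ILIKE, yet `$tempModifier == 'ILIKE'` is an exact match, so any plain LIKE or negated entry in `$modifier2CriteriaMap` (the map is not visible in this hunk) would fall into the else branch with the raw value; `if (stripos($tempModifier, 'LIKE') !== false) {` would catch those variants. The else branch now passes `$criteria['value']` through with no escaping at all, which is only safe if Propel binds it as a query parameter, so that is worth confirming against the query-building code. The enclosing else block and method start and end outside the hunk.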