4 files changed, 19 insertions, 3 deletions

diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php
index 10799567..efeba2ef 100644
--- a/modules/gallery/helpers/item_rest.php
+++ b/modules/gallery/helpers/item_rest.php
@@ -64,7 +64,7 @@ class item_rest_Core {
     }
 
     if (isset($p->name)) {
-      $orm->where("name", "LIKE", "%{$p->name}%");
+      $orm->where("name", "LIKE", "%" . Database::escape_for_like($p->name) . "%");
     }
 
     if (isset($p->type)) {
diff --git a/modules/gallery/libraries/MY_Database.php b/modules/gallery/libraries/MY_Database.php
index aae0bb79..33759b67 100644
--- a/modules/gallery/libraries/MY_Database.php
+++ b/modules/gallery/libraries/MY_Database.php
@@ -88,4 +88,14 @@ abstract class Database extends Database_Core {
   static function set_default_instance($db) {
     self::$instances["default"] = $db;
   }
+
+  /**
+   * Escape LIKE queries, add wildcards.  In MySQL queries using LIKE, _ and % characters are
+   * treated as wildcards similar to ? and *, respectively.  Therefore, we need to escape _, %,
+   * and \ (the escape character itself).
+   */
+  static function escape_for_like($value) {
+    // backslash must go first to avoid double-escaping
+    return addcslashes($value, '\_%');
+  }
 }
\ No newline at end of file
diff --git a/modules/gallery/libraries/drivers/Cache/Database.php b/modules/gallery/libraries/drivers/Cache/Database.php
index a7aae92c..8790d0e1 100644
--- a/modules/gallery/libraries/drivers/Cache/Database.php
+++ b/modules/gallery/libraries/drivers/Cache/Database.php
@@ -69,7 +69,7 @@ class Cache_Database_Driver extends Cache_Driver {
       ->select()
       ->from("caches");
     foreach ($tags as $tag) {
-      $db->where("tags", "LIKE", "%<$tag>%");
+      $db->where("tags", "LIKE", "%" . Database::escape_for_like("<$tag>") . "%");
     }
     $db_result = $db->execute();
 
@@ -139,7 +139,7 @@ class Cache_Database_Driver extends Cache_Driver {
       // Delete all caches
     } else if ($is_tag === true) {
       foreach ($keys as $tag) {
-        $db->where("tags", "LIKE", "%<$tag>%");
+        $db->where("tags", "LIKE", "%" . Database::escape_for_like("<$tag>") . "%");
       }
     } else {
       $db->where("key", "IN", $keys);
diff --git a/modules/gallery/tests/Database_Test.php b/modules/gallery/tests/Database_Test.php
index ab3290a9..106062f5 100644
--- a/modules/gallery/tests/Database_Test.php
+++ b/modules/gallery/tests/Database_Test.php
@@ -147,6 +147,12 @@ class Database_Test extends Gallery_Unit_Test_Case {
     $sql = str_replace("\n", " ", $sql);
     $this->assert_same("UPDATE [test_tables] SET [name] = [Test Name] WHERE [1] = [1]", $sql);
   }
+
+  function escape_for_like_test() {
+    // Note: literal double backslash is written as \\\
+    $this->assert_same('basic\_test', Database::escape_for_like("basic_test"));
+    $this->assert_same('\\\100\%\_test/', Database::escape_for_like('\100%_test/'));
+  }
 }
 
 class Database_Mock extends Database {