SONAR-4323 escape special characters % and _

2 files changed, 20 insertions, 2 deletions

diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/user/UserQuery.java b/sonar-plugin-api/src/main/java/org/sonar/api/user/UserQuery.java
index 027be9f5e60..ddeb58bf01b 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/user/UserQuery.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/user/UserQuery.java
@@ -44,7 +44,18 @@ public class UserQuery {
     this.logins = builder.logins;
     this.includeDeactivated = builder.includeDeactivated;
     this.searchText = builder.searchText;
-    this.searchTextSql = (searchText !=null ? "%" + searchText + "%" : null);
+
+    this.searchTextSql = searchTextToSql(searchText);
+  }
+
+  private String searchTextToSql(@Nullable String s) {
+    String sql = null;
+    if (s != null) {
+      sql = StringUtils.replace(s, "%", "/%");
+      sql = StringUtils.replace(sql, "_", "/_");
+      sql = "%" + sql + "%";
+    }
+    return sql;
   }
 
   @CheckForNull
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/user/UserQueryTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/user/UserQueryTest.java
index 3cbc5822f1c..d20beb80a87 100644
--- a/sonar-plugin-api/src/test/java/org/sonar/api/user/UserQueryTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/user/UserQueryTest.java
@@ -69,9 +69,16 @@ public class UserQueryTest {
   }
 
   @Test
-  public void test_searchText() throws Exception {
+  public void searchText() throws Exception {
     UserQuery query = UserQuery.builder().searchText("sim").build();
     assertThat(query.searchText()).isEqualTo("sim");
     assertThat(query.searchTextSql).isEqualTo("%sim%");
   }
+
+  @Test
+  public void searchText_escape_special_characters_in_like() throws Exception {
+    UserQuery query = UserQuery.builder().searchText("%sim_").build();
+    assertThat(query.searchText()).isEqualTo("%sim_");
+    assertThat(query.searchTextSql).isEqualTo("%/%sim/_%");
+  }
 }