From 4d26d4ebf4d6101f12b4bb9135e553c6d06e3733 Mon Sep 17 00:00:00 2001
From: Jacek 
Date: Tue, 25 Jan 2022 10:28:26 +0100
Subject: SONAR-15825 Escape special characters in like sql query for portfolio projects

---
 .../src/main/java/org/sonar/db/component/ComponentDao.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'server/sonar-db-dao/src/main/java/org/sonar')

diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/component/ComponentDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/component/ComponentDao.java
index 027eca54878..bbdaab77678 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/component/ComponentDao.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/component/ComponentDao.java
@@ -257,7 +257,8 @@ public class ComponentDao implements Dao {
 }

 public List selectProjectsFromView(DbSession session, String viewUuid, String projectViewUuid) {
- return mapper(session).selectProjectsFromView("%." + viewUuid + ".%", projectViewUuid);
+ var escapedViewUuid = viewUuid.replace("_", "\\_").replace("%", "\\%");
+ return mapper(session).selectProjectsFromView("%." + escapedViewUuid + ".%", projectViewUuid);
 }

 /**
-- 
cgit v1.2.3
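Review bot: The new `escapedViewUuid` line escapes `_` and `%` with a backslash but never escapes the backslash itself, so a `viewUuid` that already contains `\` would turn the following character into an escaped literal; escape the backslash first, `var escapedViewUuid = viewUuid.replace("\\", "\\\\").replace("_", "\\_").replace("%", "\\%");`. This escaping is only effective if the mapper's LIKE clause declares the same escape character (`ESCAPE '\'`) — the mapper XML is not in this diff, and several databases have no default escape character, so without that clause the backslash is matched literally and the fix does nothing; please confirm the query declares it. Since the pattern is built for a LIKE query, a one-line comment on the new line such as `// escape LIKE wildcards so the uuid is matched literally; the mapper query must use ESCAPE '\'` would document the coupling. If the same escaping is needed in other DAO methods, a shared private helper would keep the escape rules in one place. The enclosing class continues outside the hunk; the method itself is fully visible.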