Fix escaping of directory paths in query pages so searching within

directories works on windows.

* lib/cvsdb.py
  (EscapeLike):
    new function

* lib/viewcvs.py
  (view_query):
    escape directory paths before using them in LIKE comparisons


git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@944 8cb11bc2-c004-0410-86c3-e597b4017df7

lib/cvsdb.py

@@ -30,6 +30,7 @@ import sys
 import string
 import time
 import fnmatch
+import re
 
 import config
 import dbi
@@ -751,3 +752,8 @@ def GetUnrecordedCommitList(repository, filename):
 
     return unrecorded_commit_list
 
+_re_likechars = re.compile(r"([_%\\])")
+
+def EscapeLike(literal):
+  """Escape literal string for use in a MySQL LIKE pattern"""
+  return re.sub(_re_likechars, r"\\\1", literal)

lib/viewcvs.py

@@ -3026,10 +3026,11 @@ def view_query(request):
   if dir:
     for subdir in string.split(dir, ','):
       path = string.join(request.path_parts + [ string.strip(subdir) ], '/')
-      query.SetDirectory('%s%%' % path, 'like')
+      query.SetDirectory('%s%%' % cvsdb.EscapeLike(path), 'like')
   else:
     if request.path_parts: # if we are in a subdirectory ...
-      query.SetDirectory('%s%%' % request.where, 'like')
+      directory = os.path.normpath(request.where)
+      query.SetDirectory('%s%%' % cvsdb.EscapeLike(directory), 'like')
   if file:
     query.SetFile(file, file_match)
   if who: