QPID-5805: Disallow % and _ characters as escapes in selector LIKE expression

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1601373 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 4 insertions, 0 deletions

diff --git a/qpid/cpp/src/qpid/broker/SelectorExpression.cpp b/qpid/cpp/src/qpid/broker/SelectorExpression.cpp
index 1e217737ce..4efb91acf8 100644
--- a/qpid/cpp/src/qpid/broker/SelectorExpression.cpp
+++ b/qpid/cpp/src/qpid/broker/SelectorExpression.cpp
@@ -774,6 +774,9 @@ BoolExpression* specialComparisons(Tokeniser& tokeniser, std::auto_ptr<Expressio
             if (e.val.size()>1) {
                 throwParseError(tokeniser, "single character string required after ESCAPE");
             }
+            if (e.val=="%" || e.val=="_") {
+                throwParseError(tokeniser, "'%' and '_' are not allowed as ESCAPE characters");
+            }
             return new LikeExpression(e1.release(), t.val, e.val);
         } else {
             tokeniser.returnTokens();
diff --git a/qpid/cpp/src/tests/Selector.cpp b/qpid/cpp/src/tests/Selector.cpp
index 30c69c68af..951f124d3a 100644
--- a/qpid/cpp/src/tests/Selector.cpp
+++ b/qpid/cpp/src/tests/Selector.cpp
@@ -262,6 +262,7 @@ QPID_AUTO_TEST_CASE(parseStringFail)
     BOOST_CHECK_THROW(qb::Selector e("A not 234 escape"), std::range_error);
     BOOST_CHECK_THROW(qb::Selector e("A not like 'eclecti_' escape 'happy'"), std::range_error);
     BOOST_CHECK_THROW(qb::Selector e("A not like 'eclecti_' escape happy"), std::range_error);
+    BOOST_CHECK_THROW(qb::Selector e("A not like 'eclecti_' escape '%'"), std::range_error);
     BOOST_CHECK_THROW(qb::Selector e("A BETWEEN AND 'true'"), std::range_error);
     BOOST_CHECK_THROW(qb::Selector e("A NOT BETWEEN 34 OR 3.9"), std::range_error);
     BOOST_CHECK_THROW(qb::Selector e("A IN ()"), std::range_error);