
Fix escape the undescore on search in website module

Laurent Destailleur 3 years ago
parent
commit
d5d4b8d8e0

+ 8 - 0
htdocs/core/db/Database.interface.php

@@ -177,6 +177,14 @@ interface Database
 	 */
 	public function escape($stringtoencode);
 
+	/**
+	 * Escape a string to insert data
+	 *
+	 * @param   string $stringtoencode String to escape
+	 * @return  string                        String escaped
+	 */
+	public function escapeunderscore($stringtoencode);
+
 	/**
 	 * Sanitize a string for SQL forging
 	 *
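Review bot: The docblock on the new `escapeunderscore()` declaration is copied from `escape()` ("Escape a string to insert data") and does not describe the contract: the method neutralises the LIKE wildcard `_`, is only meaningful on the operand of a LIKE, and is not a substitute for `escape()`, which callers still have to apply first (as the updated website.lib.php does). I would write it as `Escape the LIKE wildcard '_' so it matches a literal underscore. Only for use inside a LIKE pattern; does NOT escape quotes, so apply escape() before calling this.` It is also worth stating in the doc that `%` is left untouched by the implementations in this commit, so callers cannot treat the result as wildcard-free. Adding an abstract method to the interface fatally breaks any other `Database` implementation not updated here; only mysqli, pgsql, sqlite3 and TraceableDB are visible in this commit, so that may or may not be an issue.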

+ 11 - 0
htdocs/core/db/mysqli.class.php

@@ -430,6 +430,17 @@ class DoliDBMysqli extends DoliDB
 		return $this->db->real_escape_string($stringtoencode);
 	}
 
+	/**
+	 *	Escape a string to insert data
+	 *
+	 *	@param	string	$stringtoencode		String to escape
+	 *	@return	string						String escaped
+	 */
+	public function escapeunderscore($stringtoencode)
+	{
+		return str_replace('_', '\_', $stringtoencode);
+	}
+
 	/**
 	 *	Return generic error code of last operation.
 	 *
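Review bot: `str_replace('_', '\_', ...)` escapes only one of the two LIKE wildcards; `%` is left alone, so a user search such as `100%` still matches every page and the caller's string remains a pattern rather than a literal. If a literal match is the intent, escape both: `return str_replace(array('_', '%'), array('\_', '\%'), $stringtoencode);`. The result is also order-sensitive with respect to `escape()`: applied after `real_escape_string()` (as website.lib.php does) the `\_` reaches MySQL intact, but applied before it the backslash would be doubled and the escape defeated, which deserves a one-line comment such as `// Must be applied AFTER escape(): real_escape_string() would double the backslash.`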

+ 11 - 0
htdocs/core/db/pgsql.class.php

@@ -700,6 +700,17 @@ class DoliDBPgsql extends DoliDB
 		return pg_escape_string($stringtoencode);
 	}
 
+	/**
+	 *	Escape a string to insert data
+	 *
+	 *	@param	string	$stringtoencode		String to escape
+	 *	@return	string						String escaped
+	 */
+	public function escapeunderscore($stringtoencode)
+	{
+		return str_replace('_', '\_', $stringtoencode);
+	}
+
 	/**
 	 *  Format a SQL IF
 	 *
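Review bot: This body is byte-identical to the mysqli and sqlite3 versions and contains no driver-specific call, so it belongs once in the shared `DoliDB` base class (each driver `extends DoliDB`) with drivers overriding only where their LIKE escaping differs; I cannot see DoliDB here, so this assumes it is the common parent. For PostgreSQL specifically the `\_` sequence only survives as a literal backslash when `standard_conforming_strings` is on (the default on current servers); with it off, the backslash in a plain `'...'` literal is consumed as an escape and the underscore becomes a wildcard again, which is worth a note in the docblock. Either way, `pg_escape_string()` does not touch backslashes, so the current call order in website.lib.php is safe.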

+ 11 - 0
htdocs/core/db/sqlite3.class.php

@@ -635,6 +635,17 @@ class DoliDBSqlite3 extends DoliDB
 		return Sqlite3::escapeString($stringtoencode);
 	}
 
+	/**
+	 *	Escape a string to insert data
+	 *
+	 *	@param	string	$stringtoencode		String to escape
+	 *	@return	string						String escaped
+	 */
+	public function escapeunderscore($stringtoencode)
+	{
+		return str_replace('_', '\_', $stringtoencode);
+	}
+
 	/**
 	 *	Renvoie le code erreur generique de l'operation precedente.
 	 *
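Review bot: On SQLite this replacement does not achieve what the commit title intends: SQLite's LIKE has no default escape character and backslash is not special in its string literals, so a pattern `a\_b` matches a literal backslash followed by any single character and no longer matches `a_b` at all. It only works if the consuming LIKE clause carries `ESCAPE '\'`, which the updated query in website.lib.php does not add. Either the callers must append `ESCAPE '\'` to each LIKE, or this driver should leave the string unchanged and document the limitation, rather than silently breaking every search containing an underscore. `Sqlite3::escapeString()` only doubles single quotes, so the inserted backslash does reach the engine verbatim.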

+ 4 - 3
htdocs/core/lib/website.lib.php

@@ -866,11 +866,11 @@ function getPagesFromSearchCriterias($type, $algo, $searchstring, $max = 25, $so
 		$sql .= " AND (";
 		$searchalgo = '';
 		if (preg_match('/meta/', $algo)) {
-			$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.title LIKE '%".$db->escape($searchstring)."%' OR wp.description LIKE '%".$db->escape($searchstring)."%'";
-			$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.keywords LIKE '".$db->escape($searchstring).",%' OR wp.keywords LIKE '% ".$db->escape($searchstring)."%'"; // TODO Use a better way to scan keywords
+			$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.title LIKE '%".$db->escapeunderscore($db->escape($searchstring))."%' OR wp.description LIKE '%".$db->escapeunderscore($db->escape($searchstring))."%'";
+			$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.keywords LIKE '".$db->escapeunderscore($db->escape($searchstring)).",%' OR wp.keywords LIKE '% ".$db->escapeunderscore($db->escape($searchstring))."%'"; // TODO Use a better way to scan keywords
 		}
 		if (preg_match('/content/', $algo)) {
-			$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.content LIKE '%".$db->escape($searchstring)."%'";
+			$searchalgo .= ($searchalgo ? ' OR ' : '')."wp.content LIKE '%".$db->escapeunderscore($db->escape($searchstring))."%'";
 		}
 		$sql .= $searchalgo;
 		if (is_array($otherfilters) && !empty($otherfilters['category'])) {
@@ -879,6 +879,7 @@ function getPagesFromSearchCriterias($type, $algo, $searchstring, $max = 25, $so
 		$sql .= ")";
 		$sql .= $db->order($sortfield, $sortorder);
 		$sql .= $db->plimit($max);
+		//print $sql;
 
 		$resql = $db->query($sql);
 		if ($resql) {
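Review bot: The expression `$db->escapeunderscore($db->escape($searchstring))` is now repeated six times across the two `if` blocks; compute it once before them, `$escapedsearch = $db->escapeunderscore($db->escape($searchstring));`, and build each LIKE from `$escapedsearch`, with a comment that the order (escape first, then escapeunderscore) is load-bearing because `escape()` would otherwise double the backslash. None of the LIKE clauses gets an `ESCAPE '\'` suffix, so the fix depends on each driver's default escape character, which SQLite does not have. The `//print $sql;` line added in the second hunk is leftover debugging and should not be committed. `getPagesFromSearchCriterias()` begins before and continues after these hunks.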

+ 11 - 0
htdocs/debugbar/class/TraceableDB.php

@@ -250,6 +250,17 @@ class TraceableDB extends DoliDB
 		return $this->db->escape($stringtoencode);
 	}
 
+	/**
+	 * Escape a string to insert data
+	 *
+	 * @param   string $stringtoencode String to escape
+	 * @return  string                        String escaped
+	 */
+	public function escapeunderscore($stringtoencode)
+	{
+		return $this->db->escapeunderscore($stringtoencode);
+	}
+
 	// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
 	/**
 	 * Get last ID after an insert INSERT