Also escape backslashes in search terms

So that our users can’t accidentally escape characters themselves.
2026-01-30 06:21:50 -05:00 · 2018-03-14 11:29:19 +00:00
parent bdd77f9150
commit 9103ca5975
2 changed files with 6 additions and 3 deletions
--- a/app/dao/notifications_dao.py
+++ b/app/dao/notifications_dao.py
@@ -455,10 +455,10 @@ def dao_get_notifications_by_to_field(service_id, search_term, notification_type
    else:
        raise InvalidRequest("Only email and SMS can use search by recipient", 400)

-    for special_character in {'_', '%', '/'}:
+    for special_character in ('\\', '_', '%', '/'):
        normalised = normalised.replace(
            special_character,
-            '\\{}'.format(special_character)
+            '\{}'.format(special_character)
        )

    filters = [