mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-22 23:41:07 +00:00
f7866c1c15
The contacts search passed user input directly into a LIKE pattern without escaping % and _ characters, causing them to act as SQL wildcards and return incorrect results. Add an escapeLikePattern() helper that escapes \, %, and _ with a backslash, and add ESCAPE '\' to the selection clause so SQLite treats them as literal characters. Made-with: Cursor