From 1a39415a8db9a810488ccdd27f657a7b846a5045 Mon Sep 17 00:00:00 2001
From: Fabio De Simone <prototypefab@gmail.com>
Date: Mon, 28 Jan 2019 22:45:56 +0100
Subject: [PATCH] wip injection fix

---
 telegrambot.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/telegrambot.py b/telegrambot.py
index 607644b0..07a0be96 100644
--- a/telegrambot.py
+++ b/telegrambot.py
@@ -298,6 +298,7 @@ def cmd_search(bot: Bot, update: Update):
         text = update.message.text.split(" ", 1)[1]
         if text is None:
             return
+            text = text.replace('%','\\%').replace('_','\_')
         entries = session.query(db.Diario).filter(db.Diario.text.ilike('%'+text+'%')).all()
         messageText = "Ecco i risulati della ricerca:\n"
         for entry in entries[:5]: