Fix: escaped group parameter in getEvents for use with LIKE

to prevent clashing of underscores in client names and underscores used by LIKE.

warden_server/warden_server.py

@@ -714,10 +714,11 @@ class MySQL(ObjectBase):
         if group or nogroup:
             subquery = []
             for name in (group or nogroup):
-                subquery.append("c.name = %s")      # exact client
+                escaped_name = name.replace('&', '&&').replace("_", "&_").replace("%", "&%")  # escape for LIKE
+                subquery.append("c.name = %s")                                # exact client
                 params.append(name)
-                subquery.append("c.name LIKE %s")   # whole subtree
-                params.append(name + ".%")
+                subquery.append("c.name LIKE CONCAT(%s, '.%%') ESCAPE '&'")   # whole subtree
+                params.append(escaped_name)
 
             query.append(" AND %s (%s)" % (self._get_not(group), " OR ".join(subquery)))