Some values behave like wildcards in PHP API search
Operating system version
OS X 10.6
Description of the issue
Some values, when searched for, seem to match against any record.
This was observed when a user entered a high Unicode character into a UTF-8 web page. After sanitising with PHP's htmlentities() function, the resulting string did not restrict the found set when used in a two-field search: the result was the same as if the search had been done on only the first field.
Steps to reproduce the problem
# Sanitise input values
$Login = htmlentities( $_REQUEST['Login'] );
$Password = htmlentities( $_REQUEST['Password'] );
# Search for matching user record.
$fm = fmfactory();
$findReq =& $fm->newFindCommand( 'Users' );
$findReq->addFindCriterion( 'Login', '=="' . $Login . '"' );
$findReq->addFindCriterion( 'Password', '=="' . $Password . '"' );
$result = $findReq->execute();
The script above should find only records with the given Login and Password values.
If the input value for Password is "Ø" (Scandinavian O with a slash through it; other characters also triggered the problem), this search finds the user record for the given Login, regardless of what the record's Password value is.
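A defensive check for the failure described above, as an added example that is not part of the original report: the login script re-compares the returned field values against the raw input in PHP instead of treating a non-empty found set as proof of a match. The helper name `verify_login` and the sample rows are hypothetical; the rows are plain arrays standing in for the raw field values of the records the find returns.

```php
<?php
// Added example: re-check the found set in PHP rather than trusting the find.
// Assumption: each row holds the raw (unencoded) Login and Password field
// values of one record returned by the two-field search in the report.

/**
 * Return the one record whose Login and Password both equal the raw input,
 * or null. Hypothetical helper, not part of the FileMaker API for PHP.
 */
function verify_login(array $foundSet, string $login, string $password): ?array
{
    if ($login === '' || $password === '') {
        return null;                  // never authenticate on empty input
    }
    $matches = [];
    foreach ($foundSet as $row) {
        if (!isset($row['Login'], $row['Password'])) {
            continue;                 // malformed row: ignore it
        }
        // Byte-for-byte comparison against the raw request values;
        // hash_equals() also runs in constant time.
        if (hash_equals((string) $row['Login'], $login)
            && hash_equals((string) $row['Password'], $password)) {
            $matches[] = $row;
        }
    }
    // Exactly one record must match; anything else counts as a failed login.
    return count($matches) === 1 ? $matches[0] : null;
}

// Constructed found set: the situation the report describes, where the find
// returns the record for the given Login even though the Password criterion
// did not restrict the search.
$foundSet = [
    ['Login' => 'alice', 'Password' => 'correct horse'],
];

// Password value that triggered the problem in the report.
var_dump(verify_login($foundSet, 'alice', 'Ø') !== null);
// The record's actual password.
var_dump(verify_login($foundSet, 'alice', 'correct horse') !== null);
```

The comparison uses the raw request values, not the htmlentities() output, so the result does not depend on how the find interpreted the criterion.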