Search does not escape '_' character

Migrated issue

Reported by: gribnif

When '_' characters are typed into the search box, they are passed unescaped into the LIKE portion of a SQL query. This results in more matches than there should be, based on what the user typed.

The included patch fixes this problem.