diff --git a/app/models/principal.rb b/app/models/principal.rb
index dd376f609..c027f020e 100644
--- a/app/models/principal.rb
+++ b/app/models/principal.rb
@@ -42,9 +42,9 @@ class Principal < ActiveRecord::Base
     if q.blank?
       where({})
     else
-      pattern = "%#{q}%"
+      pattern = "%#{q}%".gsub("/","//").gsub("_","/_")
       # sql = %w(login firstname lastname mail).map {|column| "LOWER(#{table_name}.#{column}) LIKE LOWER(:p)"}.join(" OR ")
-      sql= "LOWER(concat(lastname,firstname)) LIKE LOWER(:p) or LOWER(login) LIKE LOWER(:p) or LOWER(mail) LIKE LOWER(:p)"
+      sql= "LOWER(concat(lastname,firstname)) LIKE LOWER(:p) or LOWER(login) LIKE LOWER(:p) or LOWER(mail) LIKE LOWER(:p) escape '/'"
       params = {:p => pattern}
       if q =~ /^(.+)\s+(.+)$/
         a, b = "#{$1}%", "#{$2}%"
@@ -52,7 +52,7 @@ class Principal < ActiveRecord::Base
         sql << " OR (LOWER(#{table_name}.firstname) LIKE LOWER(:b) AND LOWER(#{table_name}.lastname) LIKE LOWER(:a))"
         params.merge!(:a => a, :b => b)
       end
-      where(sql, params)
+p      where(sql, params)
     end
   }