0004-use-sanitize_sql_like-in-Query-sql_contains.patch

Jens Krämer, 2021-04-12 08:44

Download (1.75 KB)

View differences:

app/models/query.rb
1429 1429
    prefix = '%' if options[:ends_with]
1430 1430
    suffix = '%' if options[:starts_with]
1431 1431
    prefix = suffix = '%' if prefix.nil? && suffix.nil?
1432
    value = queried_class.sanitize_sql_like value
1432 1433
    queried_class.send(
1433 1434
      :sanitize_sql_for_conditions,
1434 1435
      [Redmine::Database.like(db_field, '?', :match => options[:match]), "#{prefix}#{value}#{suffix}"])
test/unit/query_test.rb
2654 2654
    # Non-paginated issue ids and paginated issue ids should be in the same order.
2655 2655
    assert_equal issue_ids, paginated_issue_ids
2656 2656
  end
2657

  
2658
  def test_sql_contains_should_escape_value
2659
    i = Issue.generate! subject: 'Sanitize test'
2660
    query = IssueQuery.new(:project => nil, :name => '_')
2661
    query.add_filter('subject', '~', ['te%t'])
2662
    assert_equal 0, query.issue_count
2663

  
2664
    i.update_column :subject, 'Sanitize te%t'
2665
    assert_equal 1, query.issue_count
2666

  
2667
    i.update_column :subject, 'Sanitize te_t'
2668
    query = IssueQuery.new(:project => nil, :name => '_')
2669
    query.add_filter('subject', '~', ['te_t'])
2670
    assert_equal 1, query.issue_count
2671
  end
2657 2672
end
2658
-