[Rt-commit] rt branch, 4.0/search-builder-cf-quotes-fix, created. rt-4.0.2-68-g4ee7ab8
? sunnavy
sunnavy at bestpractical.com
Tue Sep 13 23:34:48 EDT 2011
The branch, 4.0/search-builder-cf-quotes-fix has been created
at 4ee7ab86aa0d6e0fad971a13e4f42f8de302a04d (commit)
- Log -----------------------------------------------------------------
commit 4ee7ab86aa0d6e0fad971a13e4f42f8de302a04d
Author: sunnavy <sunnavy at bestpractical.com>
Date: Wed Sep 14 11:32:09 2011 +0800
cf names may contain single quotes
so escape them the same way as in values
diff --git a/lib/RT/Interface/Web/QueryBuilder/Tree.pm b/lib/RT/Interface/Web/QueryBuilder/Tree.pm
index 860485e..21d0f77 100644
--- a/lib/RT/Interface/Web/QueryBuilder/Tree.pm
+++ b/lib/RT/Interface/Web/QueryBuilder/Tree.pm
@@ -268,6 +268,7 @@ sub ParseSQL {
push @results, [ $args{'CurrentUser'}->loc("Unknown field: [_1]", $key), -1 ]
}
+ $key =~ s/'/\\'/g;
$value =~ s/'/\\'/g;
if ( lc $op eq 'is' || lc $op eq 'is not' ) {
$value = 'NULL'; # just fix possible mistakes here
diff --git a/share/html/Search/Build.html b/share/html/Search/Build.html
index ba5045b..c807ffb 100644
--- a/share/html/Search/Build.html
+++ b/share/html/Search/Build.html
@@ -233,6 +233,8 @@ foreach my $arg ( keys %ARGS ) {
$value = "'$value'" unless $value =~ /^\d+$/;
}
+ # don't escape the heading and trailing '
+ $keyword =~ s/(?<!^)'(?!$)/\\'/g;
my $clause = {
Key => $keyword,
Op => $op,
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list