[Rt-commit] rt branch, 4.0/ticketsql-quoting, updated. rt-4.0.2-120-g46f1c8e
Alex Vandiver
alexmv at bestpractical.com
Thu Sep 29 18:45:00 EDT 2011
The branch, 4.0/ticketsql-quoting has been updated
via 46f1c8ee989eb5b2b7d9c09c0a73611a4eabb995 (commit)
from 117bae99d9eb98ff635064280bd2db8992971797 (commit)
Summary of changes:
lib/RT/Tickets.pm | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
- Log -----------------------------------------------------------------
commit 46f1c8ee989eb5b2b7d9c09c0a73611a4eabb995
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Sep 29 15:12:12 2011 -0400
Properly escape ' and \ in clauses that will generate TicketSQL
When translating restrictions into clauses, whose values will be
surrounded by single quotes, escape both single quotes and backslashes.
Double quotes need never be escaped. This affected calls to
$tickets->Limit whose VALUE contained backslashes; they previously might
have generated incorrect TicketSQL, and thus return no results.
diff --git a/lib/RT/Tickets.pm b/lib/RT/Tickets.pm
index 5401373..693338b 100644
--- a/lib/RT/Tickets.pm
+++ b/lib/RT/Tickets.pm
@@ -3374,8 +3374,8 @@ sub _RestrictionsToClauses {
exists $clause{$realfield} or $clause{$realfield} = [];
# Escape Quotes
- $field =~ s!(['"])!\\$1!g;
- $value =~ s!(['"])!\\$1!g;
+ $field =~ s!(['\\])!\\$1!g;
+ $value =~ s!(['\\])!\\$1!g;
my $data = [ $ea, $type, $field, $op, $value ];
# here is where we store extra data, say if it's a keyword or
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list