[Rt-commit] rt branch, 4.0/ticketsql-quoting, updated. rt-4.0.2-122-ga90baf3
Alex Vandiver
alexmv at bestpractical.com
Fri Sep 30 11:13:03 EDT 2011
The branch, 4.0/ticketsql-quoting has been updated
via a90baf36e0e8bc1b26168bf8bcf33a2cca901fec (commit)
via 44aedda53eeeefe54be3c13a992eda37d4bb4bc7 (commit)
from 46f1c8ee989eb5b2b7d9c09c0a73611a4eabb995 (commit)
Summary of changes:
lib/RT/Interface/Web/QueryBuilder/Tree.pm | 5 ++-
share/html/Search/Build.html | 6 +++
t/web/search_cf_quotes.t | 53 +++++++++++++++++++++++++++++
3 files changed, 63 insertions(+), 1 deletions(-)
create mode 100644 t/web/search_cf_quotes.t
- Log -----------------------------------------------------------------
commit 44aedda53eeeefe54be3c13a992eda37d4bb4bc7
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Sep 15 14:34:49 2011 +0800
test cf with quotes in search
diff --git a/t/web/search_cf_quotes.t b/t/web/search_cf_quotes.t
new file mode 100644
index 0000000..360fe0d
--- /dev/null
+++ b/t/web/search_cf_quotes.t
@@ -0,0 +1,53 @@
+use strict;
+use warnings;
+
+use RT::Test tests => 24;
+my ( $baseurl, $m ) = RT::Test->started_ok;
+
+my $cf = RT::CustomField->new($RT::SystemUser);
+ok(
+ $cf->Create(
+ Name => "I'm a cf",
+ Type => 'Date',
+ LookupType => 'RT::Queue-RT::Ticket',
+ )
+);
+ok( $cf->AddToObject( RT::Queue->new($RT::SystemUser) ) );
+
+RT::Test->create_tickets(
+ { Queue => 'General' },
+ { Subject => 'ticket foo', 'CustomField-' . $cf->id => '2011-09-15' },
+ { Subject => 'ticket bar', 'CustomField-' . $cf->id => '2011-10-15' },
+ { Subject => 'ticket baz' },
+);
+
+ok( $m->login, 'logged in' );
+
+$m->get_ok('/Search/Build.html');
+$m->form_name( 'BuildQuery' );
+
+my ($cf_op) =
+ $m->find_all_inputs( type => 'option', name_regex => qr/I'm a cf/ );
+my ($cf_field) =
+ $m->find_all_inputs( type => 'text', name_regex => qr/I'm a cf/ );
+
+diag "search directly";
+$m->submit_form(
+ fields => { $cf_op->name => '<', $cf_field->name => '2011-09-30', },
+ button => 'DoSearch',
+);
+
+$m->title_is( 'Found 1 ticket', 'found only 1 ticket' );
+$m->content_contains( 'ticket foo', 'has ticket foo' );
+
+diag "first add clause, then search";
+$m->get_ok('/Search/Build.html?NewQuery=1');
+$m->form_name( 'BuildQuery' );
+$m->submit_form(
+ fields => { $cf_op->name => '<', $cf_field->name => '2011-09-30', },
+ button => 'AddClause',
+);
+$m->follow_link_ok( { text => 'Show Results' } );
+$m->title_is( 'Found 1 ticket', 'found only 1 ticket' );
+$m->content_contains( 'ticket foo', 'has ticket foo' );
+
commit a90baf36e0e8bc1b26168bf8bcf33a2cca901fec
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Sep 29 19:47:12 2011 -0400
Properly escape the keys of search clauses when (re)building them
While the values are properly escaped, the keys are not. Deal with
custom fields containing spaces, quotes, or backslashes by properly
escaping them and wrapping them in quotes.
diff --git a/lib/RT/Interface/Web/QueryBuilder/Tree.pm b/lib/RT/Interface/Web/QueryBuilder/Tree.pm
index 034e9f2..a1de477 100644
--- a/lib/RT/Interface/Web/QueryBuilder/Tree.pm
+++ b/lib/RT/Interface/Web/QueryBuilder/Tree.pm
@@ -274,7 +274,10 @@ sub ParseSQL {
$value =~ s/(['\\])/\\$1/g;
$value = "'$value'";
}
- $key = "'$key'" if $key =~ /^CF./;
+
+ if ($key =~ s/(['\\])/\\$1/g or $key =~ /\s/) {
+ $key = "'$key'";
+ }
my $clause = { Key => $key, Op => $op, Value => $value };
$node->addChild( __PACKAGE__->new( $clause ) );
diff --git a/share/html/Search/Build.html b/share/html/Search/Build.html
index e5e1002..1fa688b 100644
--- a/share/html/Search/Build.html
+++ b/share/html/Search/Build.html
@@ -234,6 +234,12 @@ foreach my $arg ( keys %ARGS ) {
$value = "'$value'";
}
+ if ($keyword =~ /^'CF\.{(.*)}'/) {
+ my $cf = $1;
+ $cf =~ s/(['\\])/\\$1/g;
+ $keyword = "'CF.{$cf}'";
+ }
+
my $clause = {
Key => $keyword,
Op => $op,
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list