[Rt-commit] rt branch, 4.2/ticketsql-quoting, created. rt-4.0.2-123-g3bef226

Alex Vandiver alexmv at bestpractical.com
Fri Sep 30 11:13:29 EDT 2011 

The branch, 4.2/ticketsql-quoting has been created
        at  3bef226f7975150d13590c93cc73f6058ee7aecc (commit)

- Log -----------------------------------------------------------------
commit 3bef226f7975150d13590c93cc73f6058ee7aecc
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Thu Sep 29 20:42:21 2011 -0400

    Remove quotes in CF form elements to avoid implying correct quoting
    
    The form elements were previously named << ValueOf'CF.{Name}' >>, with
    the quotes not serving to actually delimit in any useful manner --
    especially the inner CF name did not escape quotes in any way.  Remove
    the unnecessary quotes in the form parameter enirely; this has the
    pleasant side-effect of making the code in Search/Build.html that does
    the escaping much more straighforward, as it mirrors similar code
    throughout the rest of RT.
    
    Note this only affects the name of the form element, and does not change
    the generated TicketSQL.

diff --git a/share/html/Search/Build.html b/share/html/Search/Build.html
index 1fa688b..5ba5a63 100644
--- a/share/html/Search/Build.html
+++ b/share/html/Search/Build.html
@@ -190,7 +190,7 @@ my @new_values = ();
 
 # Try to find if we're adding a clause
 foreach my $arg ( keys %ARGS ) {
-    next unless $arg =~ m/^ValueOf(\w+|'CF.{.*?}')$/
+    next unless $arg =~ m/^ValueOf(\w+|CF.{.*?})$/
                 && ( ref $ARGS{$arg} eq "ARRAY"
                      ? grep $_ ne '', @{ $ARGS{$arg} }
                      : $ARGS{$arg} ne '' );
@@ -234,10 +234,8 @@ foreach my $arg ( keys %ARGS ) {
             $value = "'$value'";
         }
 
-        if ($keyword =~ /^'CF\.{(.*)}'/) {
-            my $cf = $1;
-            $cf =~ s/(['\\])/\\$1/g;
-            $keyword = "'CF.{$cf}'";
+        if ($keyword =~ s/(['\\])/\\$1/g or $keyword =~ /\s/) {
+            $keyword = "'$keyword'";
         }
 
         my $clause = {
diff --git a/share/html/Search/Elements/PickCFs b/share/html/Search/Elements/PickCFs
index f3ae629..d765a9d 100644
--- a/share/html/Search/Elements/PickCFs
+++ b/share/html/Search/Elements/PickCFs
@@ -76,7 +76,7 @@ $m->callback(
 my @lines;
 while ( my $CustomField = $CustomFields->Next ) {
     my %line;
-    $line{'Name'} = "'CF.{" . $CustomField->Name . "}'";
+    $line{'Name'} = "CF.{" . $CustomField->Name . "}";
     $line{'Field'} = $CustomField->Name;
 
     # Op
diff --git a/t/customfields/ip.t b/t/customfields/ip.t
index f73e63f..1c1e642 100644
--- a/t/customfields/ip.t
+++ b/t/customfields/ip.t
@@ -279,7 +279,7 @@ diag "test the operators in search page" if $ENV{'TEST_VERBOSE'};
     $agent->get_ok( $baseurl . "/Search/Build.html?Query=Queue='General'" );
     $agent->content_contains('CF.{IP}', 'got CF.{IP}');
     my $form = $agent->form_name('BuildQuery');
-    my $op = $form->find_input("'CF.{IP}'Op");
-    ok( $op, "found 'CF.{IP}'Op" );
+    my $op = $form->find_input("CF.{IP}Op");
+    ok( $op, "found CF.{IP}Op" );
     is_deeply( [ $op->possible_values ], [ '=', '!=', '<', '>' ], 'op values' );
 }
diff --git a/t/customfields/iprange.t b/t/customfields/iprange.t
index 118d23c..95dba42 100644
--- a/t/customfields/iprange.t
+++ b/t/customfields/iprange.t
@@ -462,8 +462,8 @@ diag "test the operators in search page" if $ENV{'TEST_VERBOSE'};
     $agent->get_ok( $baseurl . "/Search/Build.html?Query=Queue='General'" );
     $agent->content_contains('CF.{IP}', 'got CF.{IP}');
     my $form = $agent->form_name('BuildQuery');
-    my $op = $form->find_input("'CF.{IP}'Op");
-    ok( $op, "found 'CF.{IP}'Op" );
+    my $op = $form->find_input("CF.{IP}Op");
+    ok( $op, "found CF.{IP}Op" );
     is_deeply( [ $op->possible_values ], [ '=', '!=', '<', '>' ], 'op values' );
 }
 
diff --git a/t/web/query_builder.t b/t/web/query_builder.t
index 0abbfac..e09a704 100644
--- a/t/web/query_builder.t
+++ b/t/web/query_builder.t
@@ -214,10 +214,10 @@ diag "click advanced, enter 'C1 OR ( C2 AND C3 )', apply, aggregators should sta
     ok( $response->is_success, "Fetched " . $url."Search/Build.html" );
 
     ok($agent->form_name('BuildQuery'), "found the form once");
-    $agent->field("ValueOf'CF.{\x{442}}'", "\x{441}");
+    $agent->field("ValueOfCF.{\x{442}}", "\x{441}");
     $agent->submit();
     is( getQueryFromForm($agent),
-        "'CF.{\x{442}}' LIKE '\x{441}'",
+        "CF.{\x{442}} LIKE '\x{441}'",
         "no changes, no duplicate condition with badly encoded text"
     );
 

-----------------------------------------------------------------------

More information about the Rt-commit mailing list