Fix SQL error when passing invalid value to "Related to" filter (#38301).

author Go MAEDA <maeda@farend.jp>

Wed, 21 Jun 2023 06:05:09 +0000 (06:05 +0000)

committer Go MAEDA <maeda@farend.jp>

Wed, 21 Jun 2023 06:05:09 +0000 (06:05 +0000)
author Go MAEDA <maeda@farend.jp>
Wed, 21 Jun 2023 06:05:09 +0000 (06:05 +0000)
committer Go MAEDA <maeda@farend.jp>
Wed, 21 Jun 2023 06:05:09 +0000 (06:05 +0000)
diff --git a/app/models/issue_query.rb b/app/models/issue_query.rb

index a0420c9941e3b60d1e399c1d6a56c9ca9dec59f6..410f053f54cfd39d0099661585828f3f4191ee40 100644 (file)
--- a/app/models/issue_query.rb
+++ b/app/models/issue_query.rb
@@ -725,7 +725,6 @@ class IssueQuery < Query
        relation_type = relation_options[:reverse] || relation_type
        join_column, target_join_column = target_join_column, join_column
      end
-    ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq
      sql =
        case operator
        when "*", "!*"
@@ -736,13 +735,18 @@ class IssueQuery < Query
               " WHERE #{IssueRelation.table_name}.relation_type =" \
                    " '#{self.class.connection.quote_string(relation_type)}')"
        when "=", "!"
-        op = (operator == "=" ? 'IN' : 'NOT IN')
-        "#{Issue.table_name}.id #{op}" \
-         " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \
-           " FROM #{IssueRelation.table_name}" \
-             " WHERE #{IssueRelation.table_name}.relation_type =" \
-                  " '#{self.class.connection.quote_string(relation_type)}'" \
-               " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))"
+        ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq
+        if ids.present?
+          op = (operator == "=" ? 'IN' : 'NOT IN')
+          "#{Issue.table_name}.id #{op}" \
+           " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \
+             " FROM #{IssueRelation.table_name}" \
+               " WHERE #{IssueRelation.table_name}.relation_type =" \
+                    " '#{self.class.connection.quote_string(relation_type)}'" \
+                 " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))"
+        else
+          "1=0"
+        end
        when "=p", "=!p", "!p"
          op = (operator == "!p" ? 'NOT IN' : 'IN')
          comp = (operator == "=!p" ? '<>' : '=')
diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb

index 8c5b5e1c815754a4af14e6b796ec55cd4699c8cf..bb3eecb04caee17091f5fad097677253e5ba8379 100644 (file)
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -1650,6 +1650,10 @@ class QueryTest < ActiveSupport::TestCase
      query.filters = {"relates" => {:operator => '=', :values => ['1,2']}}
      assert_equal [1, 2, 3], find_issues_with_query(query).map(&:id).sort
  
+    query = IssueQuery.new(:name => '_')
+    query.filters = {"relates" => {:operator => '=', :values => ['invalid']}}
+    assert_equal [], find_issues_with_query(query).map(&:id)
+
      query = IssueQuery.new(:name => '_')
      query.filters = {"relates" => {:operator => '!', :values => ['1']}}
      assert_equal Issue.where.not(:id => [2, 3]).order(:id).ids, find_issues_with_query(query).map(&:id).sort
author	Go MAEDA <maeda@farend.jp>
	Wed, 21 Jun 2023 06:05:09 +0000 (06:05 +0000)
committer	Go MAEDA <maeda@farend.jp>
	Wed, 21 Jun 2023 06:05:09 +0000 (06:05 +0000)
app/models/issue_query.rb		patch \| blob \| history
test/unit/query_test.rb		patch \| blob \| history