From: Jean-Philippe Lang Date: Thu, 3 Jan 2013 13:33:16 +0000 (+0000) Subject: Make sure we don't cast an empty string to numeric (#12713). X-Git-Tag: 2.3.0~365 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=77f6b404fac599a01511e8d96002af001b0042f5;p=redmine.git Make sure we don't cast an empty string to numeric (#12713). SQLServer evaluates the CAST condition even if the <> '' condition is false. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11103 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/models/custom_field.rb b/app/models/custom_field.rb index a9c42d4bb..c5a1ca6ef 100644 --- a/app/models/custom_field.rb +++ b/app/models/custom_field.rb @@ -185,7 +185,7 @@ class CustomField < ActiveRecord::Base # Make the database cast values into numeric # Postgresql will raise an error if a value can not be casted! # CustomValue validations should ensure that it doesn't occur - "CAST(#{join_alias}.value AS decimal(30,3))" + "CAST(CASE #{join_alias}.value WHEN '' THEN '0' ELSE #{join_alias}.value END AS decimal(30,3))" when 'user', 'version' value_class.fields_for_order_statement(value_join_alias) else @@ -220,7 +220,7 @@ class CustomField < ActiveRecord::Base " AND #{join_alias}_2.customized_id = #{join_alias}.customized_id" + " AND #{join_alias}_2.custom_field_id = #{join_alias}.custom_field_id)" + " LEFT OUTER JOIN #{value_class.table_name} #{value_join_alias}" + - " ON CAST(#{join_alias}.value as decimal(30,0)) = #{value_join_alias}.id" + " ON CAST(CASE #{join_alias}.value WHEN '' THEN '0' ELSE #{join_alias}.value END AS decimal(30,0)) = #{value_join_alias}.id" when 'int', 'float' "LEFT OUTER JOIN #{CustomValue.table_name} #{join_alias}" + " ON #{join_alias}.customized_type = '#{self.class.customized_class.base_class.name}'" + diff --git a/app/models/query.rb b/app/models/query.rb index e4be380bf..702236645 100644 --- a/app/models/query.rb +++ b/app/models/query.rb @@ -532,13 +532,13 @@ class Query < ActiveRecord::Base sql = date_clause(db_table, db_field, (Date.parse(value.first) rescue nil), (Date.parse(value.first) rescue nil)) when :integer if is_custom_filter - sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(30,3)) = #{value.first.to_i})" + sql = "(#{db_table}.#{db_field} <> '' AND CAST(CASE #{db_table}.#{db_field} WHEN '' THEN '0' ELSE #{db_table}.#{db_field} END AS decimal(30,3)) = #{value.first.to_i})" else sql = "#{db_table}.#{db_field} = #{value.first.to_i}" end when :float if is_custom_filter - sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(30,3)) BETWEEN #{value.first.to_f - 1e-5} AND #{value.first.to_f + 1e-5})" + sql = "(#{db_table}.#{db_field} <> '' AND CAST(CASE #{db_table}.#{db_field} WHEN '' THEN '0' ELSE #{db_table}.#{db_field} END AS decimal(30,3)) BETWEEN #{value.first.to_f - 1e-5} AND #{value.first.to_f + 1e-5})" else sql = "#{db_table}.#{db_field} BETWEEN #{value.first.to_f - 1e-5} AND #{value.first.to_f + 1e-5}" end @@ -567,7 +567,7 @@ class Query < ActiveRecord::Base sql = date_clause(db_table, db_field, (Date.parse(value.first) rescue nil), nil) else if is_custom_filter - sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(30,3)) >= #{value.first.to_f})" + sql = "(#{db_table}.#{db_field} <> '' AND CAST(CASE #{db_table}.#{db_field} WHEN '' THEN '0' ELSE #{db_table}.#{db_field} END AS decimal(30,3)) >= #{value.first.to_f})" else sql = "#{db_table}.#{db_field} >= #{value.first.to_f}" end @@ -577,7 +577,7 @@ class Query < ActiveRecord::Base sql = date_clause(db_table, db_field, nil, (Date.parse(value.first) rescue nil)) else if is_custom_filter - sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(30,3)) <= #{value.first.to_f})" + sql = "(#{db_table}.#{db_field} <> '' AND CAST(CASE #{db_table}.#{db_field} WHEN '' THEN '0' ELSE #{db_table}.#{db_field} END AS decimal(30,3)) <= #{value.first.to_f})" else sql = "#{db_table}.#{db_field} <= #{value.first.to_f}" end @@ -587,7 +587,7 @@ class Query < ActiveRecord::Base sql = date_clause(db_table, db_field, (Date.parse(value[0]) rescue nil), (Date.parse(value[1]) rescue nil)) else if is_custom_filter - sql = "(#{db_table}.#{db_field} <> '' AND CAST(#{db_table}.#{db_field} AS decimal(30,3)) BETWEEN #{value[0].to_f} AND #{value[1].to_f})" + sql = "(#{db_table}.#{db_field} <> '' AND CAST(CASE #{db_table}.#{db_field} WHEN '' THEN '0' ELSE #{db_table}.#{db_field} END AS decimal(30,3)) BETWEEN #{value[0].to_f} AND #{value[1].to_f})" else sql = "#{db_table}.#{db_field} BETWEEN #{value[0].to_f} AND #{value[1].to_f}" end diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb index 693399362..776241870 100644 --- a/test/unit/query_test.rb +++ b/test/unit/query_test.rb @@ -328,7 +328,7 @@ class QueryTest < ActiveSupport::TestCase f = IssueCustomField.create!(:name => 'filter', :field_format => 'int', :is_filter => true, :is_for_all => true) query = IssueQuery.new(:project => Project.find(1), :name => '_') query.add_filter("cf_#{f.id}", '<=', ['30']) - assert query.statement.include?("CAST(custom_values.value AS decimal(30,3)) <= 30.0") + assert_match /CAST.+ <= 30\.0/, query.statement find_issues_with_query(query) end @@ -343,7 +343,7 @@ class QueryTest < ActiveSupport::TestCase f = IssueCustomField.create!(:name => 'filter', :field_format => 'int', :is_filter => true, :is_for_all => true) query = IssueQuery.new(:project => Project.find(1), :name => '_') query.add_filter("cf_#{f.id}", '><', ['30', '40']) - assert_include "CAST(custom_values.value AS decimal(30,3)) BETWEEN 30.0 AND 40.0", query.statement + assert_match /CAST.+ BETWEEN 30.0 AND 40.0/, query.statement find_issues_with_query(query) end