From: Go MAEDA Date: Wed, 21 Jun 2023 06:05:09 +0000 (+0000) Subject: Fix SQL error when passing invalid value to "Related to" filter (#38301). X-Git-Tag: 5.1.0~115 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=f500357ba2ae8afd5a09edb0254d0b4ff83d0f4b;p=redmine.git Fix SQL error when passing invalid value to "Related to" filter (#38301). git-svn-id: https://svn.redmine.org/redmine/trunk@22256 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/models/issue_query.rb b/app/models/issue_query.rb
index a0420c994..410f053f5 100644
--- a/app/models/issue_query.rb
+++ b/app/models/issue_query.rb
@@ -725,7 +725,6 @@ class IssueQuery < Query
 relation_type = relation_options[:reverse] || relation_type
 join_column, target_join_column = target_join_column, join_column
 end
- ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq
 sql =
 case operator
 when "*", "!*"
@@ -736,13 +735,18 @@ class IssueQuery < Query
 " WHERE #{IssueRelation.table_name}.relation_type =" \
 " '#{self.class.connection.quote_string(relation_type)}')"
 when "=", "!"
- op = (operator == "=" ? 'IN' : 'NOT IN')
- "#{Issue.table_name}.id #{op}" \
- " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \
- " FROM #{IssueRelation.table_name}" \
- " WHERE #{IssueRelation.table_name}.relation_type =" \
- " '#{self.class.connection.quote_string(relation_type)}'" \
- " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))"
+ ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq
+ if ids.present?
+ op = (operator == "=" ? 'IN' : 'NOT IN')
+ "#{Issue.table_name}.id #{op}" \
+ " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \
+ " FROM #{IssueRelation.table_name}" \
+ " WHERE #{IssueRelation.table_name}.relation_type =" \
+ " '#{self.class.connection.quote_string(relation_type)}'" \
+ " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))"
+ else
+ "1=0"
+ end
 when "=p", "=!p", "!p"
 op = (operator == "!p" ? 'NOT IN' : 'IN')
 comp = (operator == "=!p" ? '<>' : '=')
diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb
index 8c5b5e1c8..bb3eecb04 100644
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -1650,6 +1650,10 @@ class QueryTest < ActiveSupport::TestCase
 query.filters = {"relates" => {:operator => '=', :values => ['1,2']}}
 assert_equal [1, 2, 3], find_issues_with_query(query).map(&:id).sort
 
+ query = IssueQuery.new(:name => '_')
+ query.filters = {"relates" => {:operator => '=', :values => ['invalid']}}
+ assert_equal [], find_issues_with_query(query).map(&:id)
+
 query = IssueQuery.new(:name => '_')
 query.filters = {"relates" => {:operator => '!', :values => ['1']}}
 assert_equal Issue.where.not(:id => [2, 3]).order(:id).ids, find_issues_with_query(query).map(&:id).sort
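Review bot: The `IN (#{ids.join(",")})` interpolation in the `when "=", "!"` branch of app/models/issue_query.rb is safe only because `ids` is produced by `scan(/\d+/).map(&:to_i)`, and nothing in the branch states that. Since the assignment now sits directly above the SQL string, a one-line comment would keep the invariant visible to the next person editing the filter, for example `# ids holds only Integers extracted by the regex; never interpolate the raw filter value into this SQL`. The enclosing method starts and ends outside this hunk, so where `join_column` and `target_join_column` come from cannot be confirmed from here.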
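Review bot: The added case in test/unit/query_test.rb checks an unparseable value only for the `=` operator, although the new `else` branch in issue_query.rb returns `"1=0"` for `!` as well. With that branch, a "not related to" filter whose value contains no digits matches no issues rather than all of them; that fails closed and may well be intended, but nothing pins the choice. I would add a sibling case with `query.filters = {"relates" => {:operator => '!', :values => ['invalid']}}` and assert the expected ids, so a later change to the fallback is caught. The test method this hunk belongs to starts and ends outside the hunk.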