authorMarius Balteanu <marius.balteanu@zitec.com>2021-10-09 06:35:47 +0000
committerMarius Balteanu <marius.balteanu@zitec.com>2021-10-09 06:35:47 +0000
commit6cbf1f2015ec8f882fd793c21547560c9d282657 (patch)
tree5cfc4a4d6686e9e05b315c7f275d89d1b3c6a7e9 /app
parenta84efa80468348beb7b19b677defa6a7b1923cb4 (diff)
Explicitly specify escape character using an ESCAPE on SQLite (#35073).
Patch by Go MAEDA. git-svn-id: http://svn.redmine.org/redmine/trunk@21240 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/models/principal.rb8
-rw-r--r--app/models/project.rb2
2 files changed, 5 insertions, 5 deletions
diff --git a/app/models/principal.rb b/app/models/principal.rb
index 82c17b472..495d55669 100644
--- a/app/models/principal.rb
+++ b/app/models/principal.rb
@@ -72,16 +72,16 @@ class Principal < ActiveRecord::Base
where({})
else
pattern = "%#{sanitize_sql_like q}%"
- sql = +"LOWER(#{table_name}.login) LIKE LOWER(:p)"
- sql << " OR #{table_name}.id IN (SELECT user_id FROM #{EmailAddress.table_name} WHERE LOWER(address) LIKE LOWER(:p))"
- params = {:p => pattern}
+ sql = +"LOWER(#{table_name}.login) LIKE LOWER(:p) ESCAPE :s"
+ sql << " OR #{table_name}.id IN (SELECT user_id FROM #{EmailAddress.table_name} WHERE LOWER(address) LIKE LOWER(:p) ESCAPE :s)"
+ params = {:p => pattern, :s => '\\'}
tokens = q.split(/\s+/).reject(&:blank?).map {|token| "%#{sanitize_sql_like token}%"}
if tokens.present?
sql << ' OR ('
sql << tokens.map.with_index do |token, index|
params[:"token_#{index}"] = token
- "(LOWER(#{table_name}.firstname) LIKE LOWER(:token_#{index}) OR LOWER(#{table_name}.lastname) LIKE LOWER(:token_#{index}))"
+ "(LOWER(#{table_name}.firstname) LIKE LOWER(:token_#{index}) ESCAPE :s OR LOWER(#{table_name}.lastname) LIKE LOWER(:token_#{index}) ESCAPE :s)"
end.join(' AND ')
sql << ')'
end
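Review bot: The escape character is supplied as a bare literal (`:s => '\\'`) that has to stay identical to the one `sanitize_sql_like` escapes with, and nothing in the hunk states that dependency. If the two ever diverge, the `%`, `_` and backslash that were escaped in user-supplied search text would no longer be matched literally, and the wildcards would presumably be interpreted as wildcards again. I would add a comment above the `params` line such as `# ESCAPE char must equal the one sanitize_sql_like uses (backslash); SQLite applies no LIKE escape unless told`, or pass the same character explicitly as the second argument of `sanitize_sql_like`. The same literal is repeated in the `like` scope in app/models/project.rb, so a shared constant would keep the two call sites in step. The enclosing method starts and ends outside the hunk.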
diff --git a/app/models/project.rb b/app/models/project.rb
index c99badb72..429189fc3 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -108,7 +108,7 @@ class Project < ActiveRecord::Base
scope :like, (lambda do |arg|
if arg.present?
pattern = "%#{sanitize_sql_like arg.to_s.strip}%"
- where("LOWER(identifier) LIKE LOWER(:p) OR LOWER(name) LIKE LOWER(:p)", :p => pattern)
+ where("LOWER(identifier) LIKE LOWER(:p) ESCAPE :s OR LOWER(name) LIKE LOWER(:p) ESCAPE :s", :p => pattern, :s => '\\')
end
end)
scope :sorted, lambda {order(:lft)}