Use sanitize_sql_like in Query#sql_contains (#35073).

Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@21232 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Marius Balteanu <marius.balteanu@zitec.com> 2021-10-03 19:45:20 +0000
committer: Marius Balteanu <marius.balteanu@zitec.com> 2021-10-03 19:45:20 +0000
commit: 0ec96f52f3be5ef0b687c90a06f28921a105da3a (patch)
tree: acddb3fc1515b4a616de7e799b2b4fcf803fd3a3 /app
parent: 05e9d7883b6bf6dc556196a75b6ab8e389d834e2 (diff)
download: redmine-0ec96f52f3be5ef0b687c90a06f28921a105da3a.tar.gz
redmine-0ec96f52f3be5ef0b687c90a06f28921a105da3a.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/app/models/query.rb b/app/models/query.rb
index c49e4f4d1..b1a98b77d 100644
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -1441,6 +1441,7 @@ class Query < ActiveRecord::Base
     prefix = '%' if options[:ends_with]
     suffix = '%' if options[:starts_with]
     prefix = suffix = '%' if prefix.nil? && suffix.nil?
+    value = queried_class.sanitize_sql_like value
     queried_class.send(
       :sanitize_sql_for_conditions,
       [Redmine::Database.like(db_field, '?', :match => options[:match]), "#{prefix}#{value}#{suffix}"])
author	Marius Balteanu <marius.balteanu@zitec.com>	2021-10-03 19:45:20 +0000
committer	Marius Balteanu <marius.balteanu@zitec.com>	2021-10-03 19:45:20 +0000
commit	0ec96f52f3be5ef0b687c90a06f28921a105da3a (patch)
tree	acddb3fc1515b4a616de7e799b2b4fcf803fd3a3 /app
parent	05e9d7883b6bf6dc556196a75b6ab8e389d834e2 (diff)
download	redmine-0ec96f52f3be5ef0b687c90a06f28921a105da3a.tar.gz redmine-0ec96f52f3be5ef0b687c90a06f28921a105da3a.zip