author | Go MAEDA <maeda@farend.jp> | 2023-06-21 06:05:09 +0000 |
---|---|---|
committer | Go MAEDA <maeda@farend.jp> | 2023-06-21 06:05:09 +0000 |
commit | f500357ba2ae8afd5a09edb0254d0b4ff83d0f4b (patch) | |
tree | fc2499fc9b09874f0ae094ec09e8da6ffadd39b3 /app | |
parent | 828439338f35000eb5da567316ee4ba94f940f3d (diff) | |
download | redmine-f500357ba2ae8afd5a09edb0254d0b4ff83d0f4b.tar.gz redmine-f500357ba2ae8afd5a09edb0254d0b4ff83d0f4b.zip |
Fix SQL error when passing invalid value to "Related to" filter (#38301).
git-svn-id: https://svn.redmine.org/redmine/trunk@22256 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r-- | app/models/issue_query.rb | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/app/models/issue_query.rb b/app/models/issue_query.rb
index a0420c994..410f053f5 100644
--- a/app/models/issue_query.rb
+++ b/app/models/issue_query.rb
@@ -725,7 +725,6 @@ class IssueQuery < Query
 relation_type = relation_options[:reverse] || relation_type
 join_column, target_join_column = target_join_column, join_column
 end
- ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq
 sql =
 case operator
 when "*", "!*"
@@ -736,13 +735,18 @@ class IssueQuery < Query
 " WHERE #{IssueRelation.table_name}.relation_type =" \
 " '#{self.class.connection.quote_string(relation_type)}')"
 when "=", "!"
- op = (operator == "=" ? 'IN' : 'NOT IN')
- "#{Issue.table_name}.id #{op}" \
- " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \
- " FROM #{IssueRelation.table_name}" \
- " WHERE #{IssueRelation.table_name}.relation_type =" \
- " '#{self.class.connection.quote_string(relation_type)}'" \
- " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))"
+ ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq
+ if ids.present?
+ op = (operator == "=" ? 'IN' : 'NOT IN')
+ "#{Issue.table_name}.id #{op}" \
+ " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \
+ " FROM #{IssueRelation.table_name}" \
+ " WHERE #{IssueRelation.table_name}.relation_type =" \
+ " '#{self.class.connection.quote_string(relation_type)}'" \
+ " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))"
+ else
+ "1=0"
+ end
 when "=p", "=!p", "!p"
 op = (operator == "!p" ? 'NOT IN' : 'IN')
 comp = (operator == "=!p" ? '<>' : '=') |
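Review bot: The new `else` branch in the `when "=", "!"` arm returns `"1=0"` for both operators, so an "is not" (`!`) filter whose value contains no digits now matches no issues, although NOT IN over an empty id set would logically match all of them. If failing closed on an unparsable value is intended, say so in a comment on the `else`, for example `# no numeric id in the filter value: match nothing instead of building an empty IN list`; otherwise return `operator == "=" ? "1=0" : "1=1"`. The `ids =` line also deserves a comment recording that `scan(/\d+/).map(&:to_i)` is the only thing that makes `ids.join(",")` safe to interpolate into the SQL string, so a later edit does not loosen it. The enclosing `case operator` starts and ends outside this hunk.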