Use sanitize_sql_like on search tokens (#35073).

Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@21230 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Marius Balteanu <marius.balteanu@zitec.com> 2021-10-03 19:43:19 +0000
committer: Marius Balteanu <marius.balteanu@zitec.com> 2021-10-03 19:43:19 +0000
commit: 65f31d52cdd612407200f6af9045fa682345fab8 (patch)
tree: e6609c75d35e4b2653fa59c36219c94257bc5bc0 /lib
parent: 673ec2f2a65541276436b5cf00d133b3f51a4980 (diff)
download: redmine-65f31d52cdd612407200f6af9045fa682345fab8.tar.gz
redmine-65f31d52cdd612407200f6af9045fa682345fab8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/plugins/acts_as_searchable/lib/acts_as_searchable.rb b/lib/plugins/acts_as_searchable/lib/acts_as_searchable.rb
index d8fd38447..871f39ef3 100644
--- a/lib/plugins/acts_as_searchable/lib/acts_as_searchable.rb
+++ b/lib/plugins/acts_as_searchable/lib/acts_as_searchable.rb
@@ -155,7 +155,7 @@ module Redmine
           def search_tokens_condition(columns, tokens, all_words)
             token_clauses = columns.map {|column| "(#{search_token_match_statement(column)})"}
             sql = (['(' + token_clauses.join(' OR ') + ')'] * tokens.size).join(all_words ? ' AND ' : ' OR ')
-            [sql, * (tokens.collect {|w| "%#{w}%"} * token_clauses.size).sort]
+            [sql, * (tokens.collect {|w| "%#{ActiveRecord::Base.sanitize_sql_like w}%"} * token_clauses.size).sort]
           end
           private :search_tokens_condition
author	Marius Balteanu <marius.balteanu@zitec.com>	2021-10-03 19:43:19 +0000
committer	Marius Balteanu <marius.balteanu@zitec.com>	2021-10-03 19:43:19 +0000
commit	65f31d52cdd612407200f6af9045fa682345fab8 (patch)
tree	e6609c75d35e4b2653fa59c36219c94257bc5bc0 /lib
parent	673ec2f2a65541276436b5cf00d133b3f51a4980 (diff)
download	redmine-65f31d52cdd612407200f6af9045fa682345fab8.tar.gz redmine-65f31d52cdd612407200f6af9045fa682345fab8.zip