authorMarius Balteanu <marius.balteanu@zitec.com>2021-10-03 19:45:20 +0000
committerMarius Balteanu <marius.balteanu@zitec.com>2021-10-03 19:45:20 +0000
commit0ec96f52f3be5ef0b687c90a06f28921a105da3a (patch)
treeacddb3fc1515b4a616de7e799b2b4fcf803fd3a3 /test/unit
parent05e9d7883b6bf6dc556196a75b6ab8e389d834e2 (diff)
Use sanitize_sql_like in Query#sql_contains (#35073).
Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@21232 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test/unit')
-rw-r--r--test/unit/query_test.rb15
1 files changed, 15 insertions, 0 deletions
diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb
index ccf30f477..767cf36ba 100644
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -2811,4 +2811,19 @@ class QueryTest < ActiveSupport::TestCase
end
end
end
+
+ def test_sql_contains_should_escape_value
+ i = Issue.generate! subject: 'Sanitize test'
+ query = IssueQuery.new(:project => nil, :name => '_')
+ query.add_filter('subject', '~', ['te%t'])
+ assert_equal 0, query.issue_count
+
+ i.update_column :subject, 'Sanitize te%t'
+ assert_equal 1, query.issue_count
+
+ i.update_column :subject, 'Sanitize te_t'
+ query = IssueQuery.new(:project => nil, :name => '_')
+ query.add_filter('subject', '~', ['te_t'])
+ assert_equal 1, query.issue_count
+ end
end
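Review bot: The underscore half of `test_sql_contains_should_escape_value` has no negative assertion, so it cannot fail if `_` is left unescaped: as a LIKE wildcard `_` still matches the literal underscore in 'Sanitize te_t', and the final `assert_equal 1` passes either way. Only the `%` case is pinned, by the `assert_equal 0` against 'Sanitize test'. I would build the `te_t` query before the last `update_column` and add `assert_equal 0, query.issue_count` while the subject is still 'Sanitize te%t', a value that an unescaped `_` would match. A filter value containing the escape character itself (a backslash) is not exercised here either and may deserve its own case. The enclosing `QueryTest` class starts outside this hunk, so an equivalent test elsewhere in the file cannot be ruled out.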