authorMarius Balteanu <marius.balteanu@zitec.com>2021-10-03 19:44:39 +0000
committerMarius Balteanu <marius.balteanu@zitec.com>2021-10-03 19:44:39 +0000
commit05e9d7883b6bf6dc556196a75b6ab8e389d834e2 (patch)
tree4faf6589808c4a580a5f5d0223d6142b8e32c461 /test
parent65f31d52cdd612407200f6af9045fa682345fab8 (diff)
Use sanitize_sql_like in like scopes (#35073).
Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@21231 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
-rw-r--r--test/unit/issue_test.rb16
-rw-r--r--test/unit/principal_test.rb16
-rw-r--r--test/unit/project_test.rb16
-rw-r--r--test/unit/version_test.rb16
4 files changed, 64 insertions, 0 deletions
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index e298f4d68..12a63438d 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -3406,4 +3406,20 @@ class IssueTest < ActiveSupport::TestCase
assert_equal [5], issue2.filter_projects_scope('').ids.sort
end
+
+ def test_like_should_escape_query
+ issue = Issue.generate!(:subject => "asdf")
+ r = Issue.like('as_f')
+ assert_not_include issue, r
+ r = Issue.like('as%f')
+ assert_not_include issue, r
+
+ issue = Issue.generate!(:subject => "as%f")
+ r = Issue.like('as%f')
+ assert_include issue, r
+
+ issue = Issue.generate!(:subject => "as_f")
+ r = Issue.like('as_f')
+ assert_include issue, r
+ end
end
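Review bot: The new test covers the `%` and `_` wildcards but never a query containing the escape character itself, and the same gap is in the three `test_like_scope_should_escape_query` tests for Principal, Project and Version. `sanitize_sql_like` escapes a literal backslash as well by default, and whether that escaped backslash then matches depends on the `ESCAPE` handling of the LIKE clause, which differs between database backends; the scope code is not part of this test-only diffstat, so this is inferred rather than seen. A third case would pin it down, for example `issue = Issue.generate!(:subject => 'as\\f')` followed by `assert_include issue, Issue.like('as\\f')`. As a smaller style point, this test is named `test_like_should_escape_query` while the other three use `test_like_scope_should_escape_query`; one name across the four files makes them easier to grep together.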
diff --git a/test/unit/principal_test.rb b/test/unit/principal_test.rb
index f9953620d..ee6d3179c 100644
--- a/test/unit/principal_test.rb
+++ b/test/unit/principal_test.rb
@@ -147,4 +147,20 @@ class PrincipalTest < ActiveSupport::TestCase
assert_equal 1, results.count
assert_equal user, results.first
end
+
+ def test_like_scope_should_escape_query
+ user = User.generate!(:firstname => 'Leonardo', :lastname => 'da Vinci')
+ r = Principal.like('Vi_ci')
+ assert_not_include user, r
+ r = Principal.like('Vi%ci')
+ assert_not_include user, r
+
+ user.update_column :lastname, 'da Vi%ci'
+ r = Principal.like('vi%ci')
+ assert_include user, r
+
+ user.update_column :lastname, 'da Vi_ci'
+ r = Principal.like('vi_ci')
+ assert_include user, r
+ end
end
diff --git a/test/unit/project_test.rb b/test/unit/project_test.rb
index 7a0e9934f..5a1497809 100644
--- a/test/unit/project_test.rb
+++ b/test/unit/project_test.rb
@@ -1127,4 +1127,20 @@ class ProjectTest < ActiveSupport::TestCase
assert_equal 'valuea', project.custom_field_value(cf1)
assert_nil project.custom_field_value(cf2)
end
+
+ def test_like_scope_should_escape_query
+ project = Project.find 'ecookbook'
+ r = Project.like('eco_k')
+ assert_not_include project, r
+ r = Project.like('eco%k')
+ assert_not_include project, r
+
+ project.update_column :name, 'Eco%kbook'
+ r = Project.like('eco%k')
+ assert_include project, r
+
+ project.update_column :name, 'Eco_kbook'
+ r = Project.like('eco_k')
+ assert_include project, r
+ end
end
diff --git a/test/unit/version_test.rb b/test/unit/version_test.rb
index 057a97e6e..061c259d5 100644
--- a/test/unit/version_test.rb
+++ b/test/unit/version_test.rb
@@ -300,6 +300,22 @@ class VersionTest < ActiveSupport::TestCase
assert_includes Version.like('like scope'), version
end
+ def test_like_scope_should_escape_query
+ version = Version.create!(:project => Project.find(1), :name => 'Version for like scope test')
+ r = Version.like('Ver_ion')
+ assert_not_include version, r
+ r = Version.like('Ver%ion')
+ assert_not_include version, r
+
+ version.update_column :name, 'Ver%ion'
+ r = Version.like('ver%i')
+ assert_include version, r
+
+ version.update_column :name, 'Ver_ion'
+ r = Version.like('ver_i')
+ assert_include version, r
+ end
+
def test_safe_attributes_should_include_only_custom_fields_visible_to_user
cf1 = VersionCustomField.create!(:name => 'Visible field',
:field_format => 'string',