From 6cbf1f2015ec8f882fd793c21547560c9d282657 Mon Sep 17 00:00:00 2001
From: Marius Balteanu
Date: Sat, 9 Oct 2021 06:35:47 +0000
Subject: Explicitly specify escape character using an ESCAPE on SQLite (#35073). Patch by Go MAEDA.
git-svn-id: http://svn.redmine.org/redmine/trunk@21240 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/principal.rb | 8 ++++----
 app/models/project.rb | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
(limited to 'app')
diff --git a/app/models/principal.rb b/app/models/principal.rb
index 82c17b472..495d55669 100644
--- a/app/models/principal.rb
+++ b/app/models/principal.rb
@@ -72,16 +72,16 @@ class Principal < ActiveRecord::Base
 where({})
 else
 pattern = "%#{sanitize_sql_like q}%"
- sql = +"LOWER(#{table_name}.login) LIKE LOWER(:p)"
- sql << " OR #{table_name}.id IN (SELECT user_id FROM #{EmailAddress.table_name} WHERE LOWER(address) LIKE LOWER(:p))"
- params = {:p => pattern}
+ sql = +"LOWER(#{table_name}.login) LIKE LOWER(:p) ESCAPE :s"
+ sql << " OR #{table_name}.id IN (SELECT user_id FROM #{EmailAddress.table_name} WHERE LOWER(address) LIKE LOWER(:p) ESCAPE :s)"
+ params = {:p => pattern, :s => '\\'}
 tokens = q.split(/\s+/).reject(&:blank?).map {|token| "%#{sanitize_sql_like token}%"}
 if tokens.present?
 sql << ' OR ('
 sql << tokens.map.with_index do |token, index|
 params[:"token_#{index}"] = token
- "(LOWER(#{table_name}.firstname) LIKE LOWER(:token_#{index}) OR LOWER(#{table_name}.lastname) LIKE LOWER(:token_#{index}))"
+ "(LOWER(#{table_name}.firstname) LIKE LOWER(:token_#{index}) ESCAPE :s OR LOWER(#{table_name}.lastname) LIKE LOWER(:token_#{index}) ESCAPE :s)"
 end.join(' AND ')
 sql << ')'
 end
diff --git a/app/models/project.rb b/app/models/project.rb
index c99badb72..429189fc3 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
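Review bot: In the app/models/principal.rb hunk the escape character is now stated in two places that nothing ties together: `sanitize_sql_like q` escapes with its default backslash, while the new `:s => '\\'` bind repeats that value by hand. If either side changes, a `%` or `_` typed by the user is treated as a wildcard again, with no error raised. Passing the character explicitly keeps them in step, e.g. `pattern = "%#{sanitize_sql_like(q, '\\')}%"` with the same literal (or one shared constant) bound to `:s`. The token patterns built on the `tokens = ...` line and the `scope :like` hunk in app/models/project.rb carry the same coupling. The enclosing scope body starts above this hunk, so how `q` is normalised before this point is not visible here.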
@@ -108,7 +108,7 @@ class Project < ActiveRecord::Base
 scope :like, (lambda do |arg|
 if arg.present?
 pattern = "%#{sanitize_sql_like arg.to_s.strip}%"
- where("LOWER(identifier) LIKE LOWER(:p) OR LOWER(name) LIKE LOWER(:p)", :p => pattern)
+ where("LOWER(identifier) LIKE LOWER(:p) ESCAPE :s OR LOWER(name) LIKE LOWER(:p) ESCAPE :s", :p => pattern, :s => '\\')
 end
 end)
 scope :sorted, lambda {order(:lft)}
-- cgit v1.2.3
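Review bot: The new `where` line in `scope :like` carries no explanation of why the `ESCAPE :s` clauses are there, and a later cleanup could drop them as redundant because MySQL and PostgreSQL already default to backslash. A short comment above the line would record the reason, e.g. `# SQLite's LIKE has no default escape character; without ESCAPE the backslashes added by sanitize_sql_like are matched literally.` No test is visible in this view, which is limited to 'app', so it is worth confirming that a search for a literal `%` or `_` is covered when running on SQLite.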