From f500357ba2ae8afd5a09edb0254d0b4ff83d0f4b Mon Sep 17 00:00:00 2001 From: Go MAEDA Date: Wed, 21 Jun 2023 06:05:09 +0000 Subject: Fix SQL error when passing invalid value to "Related to" filter (#38301). git-svn-id: https://svn.redmine.org/redmine/trunk@22256 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/models/issue_query.rb | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'app') diff --git a/app/models/issue_query.rb b/app/models/issue_query.rb index a0420c994..410f053f5 100644 --- a/app/models/issue_query.rb +++ b/app/models/issue_query.rb @@ -725,7 +725,6 @@ class IssueQuery < Query relation_type = relation_options[:reverse] || relation_type join_column, target_join_column = target_join_column, join_column end - ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq sql = case operator when "*", "!*" @@ -736,13 +735,18 @@ class IssueQuery < Query " WHERE #{IssueRelation.table_name}.relation_type =" \ " '#{self.class.connection.quote_string(relation_type)}')" when "=", "!" - op = (operator == "=" ? 'IN' : 'NOT IN') - "#{Issue.table_name}.id #{op}" \ - " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \ - " FROM #{IssueRelation.table_name}" \ - " WHERE #{IssueRelation.table_name}.relation_type =" \ - " '#{self.class.connection.quote_string(relation_type)}'" \ - " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))" + ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq + if ids.present? + op = (operator == "=" ? 'IN' : 'NOT IN') + "#{Issue.table_name}.id #{op}" \ + " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \ + " FROM #{IssueRelation.table_name}" \ + " WHERE #{IssueRelation.table_name}.relation_type =" \ + " '#{self.class.connection.quote_string(relation_type)}'" \ + " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))" + else + "1=0" + end when "=p", "=!p", "!p" op = (operator == "!p" ? 'NOT IN' : 'IN') comp = (operator == "=!p" ? '<>' : '=') -- cgit v1.2.3