From 05e9d7883b6bf6dc556196a75b6ab8e389d834e2 Mon Sep 17 00:00:00 2001
From: Marius Balteanu
Date: Sun, 3 Oct 2021 19:44:39 +0000
Subject: Use sanitize_sql_like in like scopes (#35073).
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Patch Jens Krämer.

git-svn-id: http://svn.redmine.org/redmine/trunk@21231 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/unit/issue_test.rb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'test/unit/issue_test.rb')
diff --git a/test/unit/issue_test.rb b/test/unit/issue_test.rb
index e298f4d68..12a63438d 100644
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -3406,4 +3406,20 @@ class IssueTest < ActiveSupport::TestCase
 assert_equal [5], issue2.filter_projects_scope('').ids.sort
 end
+
+ def test_like_should_escape_query
+ issue = Issue.generate!(:subject => "asdf")
+ r = Issue.like('as_f')
+ assert_not_include issue, r
+ r = Issue.like('as%f')
+ assert_not_include issue, r
+
+ issue = Issue.generate!(:subject => "as%f")
+ r = Issue.like('as%f')
+ assert_include issue, r
+
+ issue = Issue.generate!(:subject => "as_f")
+ r = Issue.like('as_f')
+ assert_include issue, r
+ end
 end
--
cgit v1.2.3
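Review bot: test_like_should_escape_query pins the escaping of `%` and `_` only; it never runs a query containing the escape character itself, which sanitize_sql_like also rewrites (a backslash by default). Whether a backslash-escaped pattern still matches depends on how each database handles LIKE escapes, so I would add a case such as `issue = Issue.generate!(:subject => 'as\\f')` followed by `assert_include issue, Issue.like('as\\f')` to check this on every adapter the suite runs against. The scope implementation is not visible here (the patch view is limited to the test file), so this is a coverage gap rather than a confirmed defect; note also that the subject says "like scopes" in the plural while only Issue.like is tested. The method is complete within the hunk; the enclosing IssueTest class starts outside it.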