From 0ec96f52f3be5ef0b687c90a06f28921a105da3a Mon Sep 17 00:00:00 2001
From: Marius Balteanu
Date: Sun, 3 Oct 2021 19:45:20 +0000
Subject: Use sanitize_sql_like in Query#sql_contains (#35073).
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Patch by Jens Krämer.

git-svn-id: http://svn.redmine.org/redmine/trunk@21232 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/unit/query_test.rb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'test/unit')

diff --git a/test/unit/query_test.rb b/test/unit/query_test.rb
index ccf30f477..767cf36ba 100644
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@@ -2811,4 +2811,19 @@ class QueryTest < ActiveSupport::TestCase
 end
 end
 end
+
+ def test_sql_contains_should_escape_value
+ i = Issue.generate! subject: 'Sanitize test'
+ query = IssueQuery.new(:project => nil, :name => '_')
+ query.add_filter('subject', '~', ['te%t'])
+ assert_equal 0, query.issue_count
+
+ i.update_column :subject, 'Sanitize te%t'
+ assert_equal 1, query.issue_count
+
+ i.update_column :subject, 'Sanitize te_t'
+ query = IssueQuery.new(:project => nil, :name => '_')
+ query.add_filter('subject', '~', ['te_t'])
+ assert_equal 1, query.issue_count
+ end
 end
--
cgit v1.2.3
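Review bot: The `_` case at the end of `test_sql_contains_should_escape_value` only asserts a positive match (`te_t` against 'Sanitize te_t'), which would still pass if the underscore were treated as a single-character LIKE wildcard, so it does not pin the escaping named in the commit subject. The `%` case has the needed negative assertion (`te%t` against 'Sanitize test' yields 0); the `_` case should get one too, for example by building the `te_t` query while the subject is still 'Sanitize te%t' and adding `assert_equal 0, query.issue_count` before the final `update_column`. A case with a literal backslash in the filter value would also be worth adding, since the escape character is presumably handled by the same helper. The enclosing `QueryTest` class starts outside the hunk.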