author | Julien Lancelot <julien.lancelot@gmail.com> | 2013-02-08 15:26:46 +0100 |
---|---|---|
committer | Julien Lancelot <julien.lancelot@gmail.com> | 2013-02-08 15:26:46 +0100 |
commit | 12cdab111316cf96aaa4baec4a04885855fbb68e (patch) | |
tree | 4f753a4d094aec3790511be59ea700752dbe47df | |
parent | fb9e5f23ef74b0378302ea3bb1c61609d8838b3f (diff) | |
SONAR-3909 % and _ are also taken into account as any other character by the search API
3 files changed, 11 insertions, 13 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb index 144c9ea2fdb..f34daaf65e7 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb @@ -37,7 +37,7 @@ class Api::ResourcesController < Api::ApiController bad_request("Page index must be greater than 0") if page<=0 bad_request("Page size must be greater than 0") if page_size<=0 - key = search_text.downcase + key = escape_like(search_text).downcase conditions=['kee like ?'] condition_values=[key + '%'] @@ -45,8 +45,7 @@ class Api::ResourcesController < Api::ApiController conditions<<'qualifier in (?)' condition_values<<qualifiers end - indexes = ResourceIndex.find(:all, - :select => 'distinct(resource_id),root_project_id,qualifier,name_size', # optimization to not load unused columns like 'kee' + indexes = ResourceIndex.all(:select => 'distinct(resource_id),root_project_id,qualifier,name_size', # optimization to not load unused columns like 'kee' :conditions => [conditions.join(' and ')].concat(condition_values), :order => 'name_size') @@ -66,7 +65,7 @@ class Api::ResourcesController < Api::ApiController resources=[] unless resource_ids.empty? - resources=Project.find(:all, :select => 'id,qualifier,name,long_name,kee', :conditions => ['id in (?) and enabled=?', resource_ids, true]) + resources=Project.all(:select => 'id,qualifier,name,long_name,kee', :conditions => ['id in (?) and enabled=?', resource_ids, true]) end if select2_format 
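Review bot: The `'kee like ?'` condition in the @@ -37 hunk has no ESCAPE clause, so the backslashes that `escape_like` now puts in front of `%` and `_` only work where LIKE treats backslash as its default escape character (MySQL and PostgreSQL do; Oracle and SQL Server do not). If the server runs on one of the latter, the pattern would presumably demand a literal backslash and still treat `_` and `%` as wildcards, so a search for a key containing `_` would miss the literal match. Naming the escape character in the condition makes the behaviour uniform, e.g. `conditions=["kee like ? escape '!'"]` with the helper prefixing `!` (and escaping `!` itself); a non-backslash character also sidesteps the string-literal quoting differences between backends. Keeping the search text as a bound parameter is right and should stay. The enclosing method starts and ends outside the hunk.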
@@ -182,8 +181,7 @@ class Api::ResourcesController < Api::ApiController add_rule_filters(measures_conditions, measures_values) add_characteristic_filters(measures_conditions, measures_values) - measures=ProjectMeasure.find(:all, - :joins => :snapshot, + measures=ProjectMeasure.all(:joins => :snapshot, :select => select_columns_for_measures, :conditions => [(snapshots_conditions + measures_conditions).join(' AND '), snapshots_values.merge(measures_values)], :order => measures_order, @@ -227,7 +225,7 @@ class Api::ResourcesController < Api::ApiController snapshots_values[:languages]=params['languages'].split(',') end - snapshots_including_resource=Snapshot.find(:all, :conditions => [snapshots_conditions.join(' AND '), snapshots_values], :include => 'project') + snapshots_including_resource=Snapshot.all(:conditions => [snapshots_conditions.join(' AND '), snapshots_values], :include => 'project') # ---------- APPLY SECURITY - remove unauthorized resources - only if no selected resource if @resource.nil? @@ -333,8 +331,7 @@ class Api::ResourcesController < Api::ApiController @characteristics=[] @characteristic_by_id={} if params[:model].present? && params[:characteristics].present? - @characteristics=Characteristic.find(:all, - :select => 'characteristics.id,characteristics.kee,characteristics.name', + @characteristics=Characteristic.all(:select => 'characteristics.id,characteristics.kee,characteristics.name', :joins => :quality_model, :conditions => ['quality_models.name=? AND characteristics.kee IN (?)', params[:model], params[:characteristics].split(',')]) if @characteristics.empty? diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/application_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/application_controller.rb index 58bc66a29e5..778b84cde37 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/application_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/application_controller.rb 
@@ -102,6 +102,11 @@ class ApplicationController < ActionController::Base Api::Utils.message(key, options) end + # escape '%' and '_' in order to use these characters in sql query using like + def escape_like(field) + field.gsub(/[_%]/) { |x| "\\#{x}" } + end + # # diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/search_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/search_controller.rb index dc74fc6a705..f473e15e8de 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/search_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/search_controller.rb @@ -72,8 +72,4 @@ class SearchController < ApplicationController end end - def escape_like(field) - field.gsub(/[_%]/) { |x| "\\#{x}" } - end - end |
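Review bot: `escape_like` in the @@ -102 hunk escapes `%` and `_` but not the backslash it uses as the escape character, so a backslash in the search text still escapes whatever follows it on backends that honour it (input `\%` becomes `\\%`, a literal backslash followed by an unescaped wildcard). Adding backslash to the character class closes that: `field.gsub(/[\\_%]/) { |x| "\\#{x}" }`. The method is also added as a plain `def` in ApplicationController; whether a `protected`/`private` marker precedes it is not visible in the hunk, and if none does it should get one so the helper is not reachable as a controller action. The comment could state the contract, e.g. `# Escapes LIKE wildcards with a backslash; the query must use backslash as its LIKE escape character`.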