sanitize_sql_like
escapes escape_character
not only backslash.
* This is a follow up to: fe4b0eee05f59831e1468ed50f55fbad0ce11e1d * The originating PR is #14222 * It should fix the build
parent
fa83601996
commit
973a45230a
@ -110,7 +110,8 @@ def sanitize_sql_hash_for_assignment(attrs, table)
|
||||
# Sanitizes a +string+ so that it is safe to use within a sql
|
||||
# LIKE statement. This method uses +escape_character+ to escape all occurrences of "\", "_" and "%"
|
||||
def sanitize_sql_like(string, escape_character = "\\")
|
||||
string.gsub(/[\\_%]/) { |x| [escape_character, x].join }
|
||||
pattern = Regexp.union(escape_character, "%", "_")
|
||||
string.gsub(pattern) { |x| [escape_character, x].join }
|
||||
end
|
||||
|
||||
# Accepts an array of conditions. The array has each value
|
||||
|
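Review bot: The doc comment above `sanitize_sql_like` still says the method escapes all occurrences of "\", "_" and "%", but with the new `Regexp.union(escape_character, "%", "_")` a backslash is escaped only when it is the escape character itself. With a custom character such as `'!'` backslashes now pass through unchanged, which the updated test for `'C:\\Programs\\MsPaint'` confirms. I would reword the second comment line to `# LIKE statement. This method uses +escape_character+ to escape all occurrences of itself, "_" and "%".` so callers do not assume backslashes are always neutralised.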
@ -62,19 +62,20 @@ def test_sanitize_sql_like
|
||||
def test_sanitize_sql_like_with_custom_escape_character
|
||||
assert_equal '100!%', Binary.send(:sanitize_sql_like, '100%', '!')
|
||||
assert_equal 'snake!_cased!_string', Binary.send(:sanitize_sql_like, 'snake_cased_string', '!')
|
||||
assert_equal 'C:!\\Programs!\\MsPaint', Binary.send(:sanitize_sql_like, 'C:\\Programs\\MsPaint', '!')
|
||||
assert_equal 'great!!', Binary.send(:sanitize_sql_like, 'great!', '!')
|
||||
assert_equal 'C:\\Programs\\MsPaint', Binary.send(:sanitize_sql_like, 'C:\\Programs\\MsPaint', '!')
|
||||
assert_equal 'normal string 42', Binary.send(:sanitize_sql_like, 'normal string 42', '!')
|
||||
end
|
||||
|
||||
def test_sanitize_sql_like_example_use_case
|
||||
searchable_post = Class.new(Post) do
|
||||
def self.search(term)
|
||||
where("title LIKE ?", sanitize_sql_like(term))
|
||||
where("title LIKE ?", sanitize_sql_like(term, '!'))
|
||||
end
|
||||
end
|
||||
|
||||
assert_sql /LIKE '20\\% \\_reduction\\_'/ do
|
||||
searchable_post.search("20% _reduction_").to_a
|
||||
assert_sql /LIKE '20!% !_reduction!_!!'/ do
|
||||
searchable_post.search("20% _reduction_!").to_a
|
||||
end
|
||||
end
|
||||
end
|
||||
|
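Review bot: The example in `test_sanitize_sql_like_example_use_case` passes `'!'` to `sanitize_sql_like`, but the query string has no `ESCAPE` clause, so the database is never told that `!` is the escape character. On adapters whose default LIKE escape is the backslash (PostgreSQL and MySQL, for example) `!%` would then read as a literal `!` followed by a live wildcard, and the assertion would not notice because it only matches the generated SQL text. Since this test doubles as the usage example, I would write the call as `where("title LIKE ? ESCAPE '!'", sanitize_sql_like(term, '!'))`; the existing `assert_sql` pattern is unanchored and should still match.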