Escape apostrophizes char on filter

2016-10-19 15:10:12 +02:00 · 2016-10-19 15:10:12 +02:00 · fd9eaa5a4d
commit fd9eaa5a4d
parent a781473b42
2 changed files with 11 additions and 1 deletions
--- a/app/services/dossiers_list_gestionnaire_service.rb
+++ b/app/services/dossiers_list_gestionnaire_service.rb
@ -129,7 +129,7 @@ class DossiersListGestionnaireService
  def where_filter
    filter_preference_list.inject('') do |acc, preference|
      unless preference.filter.blank?
-        filter = preference.filter.gsub('*', '%')
+        filter = preference.filter.gsub('*', '%').gsub("'", "''")
        filter = "%"+filter+"%" unless filter.include? '%'

        value = preference.table_with_s_attr
--- a/spec/services/dossiers_list_gestionnaire_service_spec.rb
+++ b/spec/services/dossiers_list_gestionnaire_service_spec.rb
@ -171,6 +171,16 @@ describe DossiersListGestionnaireService do
      it { is_expected.to eq "CAST(dossiers.id as TEXT) LIKE '%23%' AND CAST(entreprises.raison_sociale as TEXT) LIKE 'plop%plip'" }
    end

+    context "when filter containe the character <'> " do
+      before do
+        gestionnaire.preference_list_dossiers
+            .find_by(table: 'entreprise', attr: 'raison_sociale', procedure: nil)
+            .update_column :filter, "MCDONALD'S FRANCE"
+      end
+
+      it { is_expected.to eq "CAST(dossiers.id as TEXT) LIKE '%23%' AND CAST(entreprises.raison_sociale as TEXT) LIKE '%MCDONALD''S FRANCE%'" }
+    end
+
    context 'when preference list contain a champ' do
      before do
        create :preference_list_dossier,