Escape apostrophizes char on filter

2016-10-19 15:10:12 +02:00 · 2016-10-19 15:10:12 +02:00 · fd9eaa5a4d
commit fd9eaa5a4d
parent a781473b42
2 changed files with 11 additions and 1 deletions
--- a/app/services/dossiers_list_gestionnaire_service.rb
+++ b/app/services/dossiers_list_gestionnaire_service.rb
@ -129,7 +129,7 @@ class DossiersListGestionnaireService
  def where_filter
    filter_preference_list.inject('') do |acc, preference|
      unless preference.filter.blank?
-        filter = preference.filter.gsub('*', '%')
+        filter = preference.filter.gsub('*', '%').gsub("'", "''")
        filter = "%"+filter+"%" unless filter.include? '%'

        value = preference.table_with_s_attr