DGNum/demarches-normaliennes
13
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Escape apostrophizes char on filter

Browse source
This commit is contained in:
Xavier J 2016-10-19 15:10:12 +02:00
parent a781473b42
commit fd9eaa5a4d
2 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/services/dossiers_list_gestionnaire_service.rb
View file

@ -129,7 +129,7 @@ class DossiersListGestionnaireService
def where_filter def where_filter
filter_preference_list.inject('') do |acc, preference| filter_preference_list.inject('') do |acc, preference|
unless preference.filter.blank? unless preference.filter.blank?
filter = preference.filter.gsub('*', '%') filter = preference.filter.gsub('*', '%').gsub("'", "''")
filter = "%"+filter+"%" unless filter.include? '%' filter = "%"+filter+"%" unless filter.include? '%'
value = preference.table_with_s_attr value = preference.table_with_s_attr

10
spec/services/dossiers_list_gestionnaire_service_spec.rb
View file

@ -171,6 +171,16 @@ describe DossiersListGestionnaireService do
it { is_expected.to eq "CAST(dossiers.id as TEXT) LIKE '%23%' AND CAST(entreprises.raison_sociale as TEXT) LIKE 'plop%plip'" } it { is_expected.to eq "CAST(dossiers.id as TEXT) LIKE '%23%' AND CAST(entreprises.raison_sociale as TEXT) LIKE 'plop%plip'" }
end end
context "when filter containe the character <'> " do
before do
gestionnaire.preference_list_dossiers
.find_by(table: 'entreprise', attr: 'raison_sociale', procedure: nil)
.update_column :filter, "MCDONALD'S FRANCE"
end
it { is_expected.to eq "CAST(dossiers.id as TEXT) LIKE '%23%' AND CAST(entreprises.raison_sociale as TEXT) LIKE '%MCDONALD''S FRANCE%'" }
end
context 'when preference list contain a champ' do context 'when preference list contain a champ' do
before do before do
create :preference_list_dossier, create :preference_list_dossier,