From 95b3fcfed5d7870d8e1b8103e1c235121ca83f16 Mon Sep 17 00:00:00 2001
From: Steven Kim
Date: Mon, 10 Apr 2023 10:22:33 -0500
Subject: [PATCH 1/2] Escape single quotation mark and backslash when quoting string
---
 lib/active_force/active_query.rb | 5 ++---
 spec/active_force/active_query_spec.rb | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/lib/active_force/active_query.rb b/lib/active_force/active_query.rb
index e5a5719..4602e01 100644
--- a/lib/active_force/active_query.rb
+++ b/lib/active_force/active_query.rb
@@ -162,7 +162,7 @@ def eq_predicate(attribute, value)
 def enclose_value value
 case value
 when String
- "'#{quote_string(value)}'"
+ quote_string(value)
 when NilClass
 'NULL'
 else
@@ -171,8 +171,7 @@ def enclose_value value
 end
 def quote_string(s)
- # From activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, version 4.1.5, line 82
- s.gsub(/\\/, '\&\&').gsub(/'/, "''")
+ "'#{s.gsub(/(['\\])/, '\\\\\\1')}'"
 end
 def result
diff --git a/spec/active_force/active_query_spec.rb b/spec/active_force/active_query_spec.rb
index 68d8335..cb23508 100644
--- a/spec/active_force/active_query_spec.rb
+++ b/spec/active_force/active_query_spec.rb
@@ -196,7 +196,7 @@
 let(:quote_input){ "' OR Id!=NULL OR Id='" }
 let(:backslash_input){ "\\" }
 let(:number_input){ 123 }
- let(:expected_query){ "SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\' AND NumberField = 123 AND QuoteField = ''' OR Id!=NULL OR Id=''')" }
+ let(:expected_query){ "SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\' AND NumberField = 123 AND QuoteField = '\\' OR Id!=NULL OR Id=\\'')" }
 it 'escapes quotes and backslashes in bind parameters' do
 active_query.where('Backslash_Field__c = :backslash_field AND NumberField = :number_field AND QuoteField = :quote_field', number_field: number_input, backslash_field: backslash_input, quote_field: quote_input)
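Review bot: After this hunk `quote_string` returns the whole quoted literal while its name still reads as "escape the contents", so any other caller of `quote_string` in this class (not visible here) that wraps the result in its own quotes would now emit a doubly quoted value. Consider keeping the former split — `quote_string` only escapes and `enclose_value` keeps `"'#{quote_string(value)}'"` — or rename the new method to something that says it quotes as well as escapes. The `else` branch of `enclose_value` continues outside the hunk, so non-String values are not reviewed here.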
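Review bot: The new `quote_string` body has no comment, and the one removed pointed at ActiveRecord's quote-doubling convention that this change deliberately abandons, so a later reader could "fix" it back to `''` and reopen the injection. Add above the gsub: `# SOQL string literals escape ' and \ with a backslash (\' and \\), not by doubling as in SQL.` The replacement `'\\\\\\1'` is the three-character string `\\\1`, which gsub renders as a backslash followed by the captured character, so the escaping itself reads correctly for both `'` and `\`.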
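Review bot: The updated expectation covers a lone backslash and a lone quote but not the two adjacent, which is the case where a wrong escape (quote doubled, or backslash placed after the quote) lets a trailing `\` cancel the `\'` and leave the literal open. Add `let(:mixed_input){ "\\'" }` alongside the existing inputs and assert that the rendered query contains `'\\\\\\''` for it — each input character gains a backslash, then the closing quote follows. The same gap applies to the hash-conditions spec in the next hunk.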
@@ -210,7 +210,7 @@
 it 'escapes quotes and backslashes in hash conditions' do
 active_query.where(backslash_field: backslash_input, number_field: number_input, quote_field: quote_input)
- expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\') AND (NumberField = 123) AND (QuoteField = ''' OR Id!=NULL OR Id=''')")
+ expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\') AND (NumberField = 123) AND (QuoteField = '\\' OR Id!=NULL OR Id=\\'')")
 end
 end
From a3d4b8488b1bc7e6f0b9c2d7760affb68f3e6602 Mon Sep 17 00:00:00 2001
From: Steven Kim
Date: Mon, 10 Apr 2023 11:17:37 -0500
Subject: [PATCH 2/2] Increment patch version to 0.11.4
---
 CHANGELOG.md | 3 +++
 lib/active_force/version.rb | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bba7f50..343f649 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@
 ## Not released
+## 0.11.4
+* Properly escape single quote (https://github.com/Beyond-Finance/active_force/pull/29)
+
 ## 0.11.3
 * Fix has_one assignment when receiver does not have id (https://github.com/Beyond-Finance/active_force/pull/23)
diff --git a/lib/active_force/version.rb b/lib/active_force/version.rb
index 1a5a3c4..015f5e8 100644
--- a/lib/active_force/version.rb
+++ b/lib/active_force/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module ActiveForce
- VERSION = '0.11.3'
+ VERSION = '0.11.4'
 end