Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Escape single quotation mark and backslash when quoting string #29

Merged
merged 3 commits into from
Apr 10, 2023
+6 −6
Merged

Escape single quotation mark and backslash when quoting string #29

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
95b3fcf
Escape single quotation mark and backslash when quoting string
stevenskim Apr 10, 2023
a3d4b84
Increment patch version to 0.11.4
stevenskim Apr 10, 2023
9a52023
Merge branch 'main' into 24-incorrectly-escaping-quotes-for-soql
JeffLuckett Apr 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions lib/active_force/active_query.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ def eq_predicate(attribute, value)
def enclose_value value
case value
when String
"'#{quote_string(value)}'"
quote_string(value)
when NilClass
'NULL'
else
Expand All @@ -171,8 +171,7 @@ def enclose_value value
end

def quote_string(s)
# From activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, version 4.1.5, line 82
s.gsub(/\\/, '\&\&').gsub(/'/, "''")
"'#{s.gsub(/(['\\])/, '\\\\\\1')}'"
end

def result
Expand Down
4 changes: 2 additions & 2 deletions spec/active_force/active_query_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,7 @@
let(:quote_input){ "' OR Id!=NULL OR Id='" }
let(:backslash_input){ "\\" }
let(:number_input){ 123 }
let(:expected_query){ "SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\' AND NumberField = 123 AND QuoteField = ''' OR Id!=NULL OR Id=''')" }
let(:expected_query){ "SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\' AND NumberField = 123 AND QuoteField = '\\' OR Id!=NULL OR Id=\\'')" }

it 'escapes quotes and backslashes in bind parameters' do
active_query.where('Backslash_Field__c = :backslash_field AND NumberField = :number_field AND QuoteField = :quote_field', number_field: number_input, backslash_field: backslash_input, quote_field: quote_input)
Expand All @@ -210,7 +210,7 @@

it 'escapes quotes and backslashes in hash conditions' do
active_query.where(backslash_field: backslash_input, number_field: number_input, quote_field: quote_input)
expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\') AND (NumberField = 123) AND (QuoteField = ''' OR Id!=NULL OR Id=''')")
expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\') AND (NumberField = 123) AND (QuoteField = '\\' OR Id!=NULL OR Id=\\'')")
end
end

Expand Down