Merge eed6dd4 into 1215790

azerothcore · Aug 10, 2019 · 60f96be · 60f96be
2 parents 1215790 + eed6dd4
commit 60f96be
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 3 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -51,6 +51,7 @@
     "@types/mocha": "5.2.7",
     "@types/mysql": "2.15.6",
     "@types/node": "12.7.1",
+    "@types/sqlstring": "2.2.1",
     "bootstrap": "4.3.1",
     "chai": "4.2.0",
     "codelyzer": "5.1.0",
@@ -75,6 +76,7 @@
     "npm-run-all": "4.1.5",
     "rxjs": "6.5.2",
     "spectron": "8.0.0",
+    "sqlstring": "2.3.1",
     "squel": "5.13.0",
     "ts-mockito": "2.4.2",
     "ts-node": "8.3.0",

diff --git a/src/app/components/editors/creature/select-creature/select-creature.integration.spec.ts b/src/app/components/editors/creature/select-creature/select-creature.integration.spec.ts
@@ -154,8 +154,8 @@ describe('SelectCreature integration tests', () => {
         'SELECT * FROM `creature_template` WHERE (`name` LIKE \'%Helias%\') LIMIT 100'
     },
     {
-      id: 4, entry: '', name: '', subname: 'Developer', limit: '', expectedQuery:
-        'SELECT * FROM `creature_template` WHERE (`subname` LIKE \'%Developer%\')'
+      id: 4, entry: '', name: '', subname: `it's a cool dev!`, limit: '', expectedQuery:
+        'SELECT * FROM `creature_template` WHERE (`subname` LIKE \'%it\\\'s a cool dev!%\')'
     },
   ]) {
     it(`searching an existing entity should correctly work [${id}]`, () => {

diff --git a/src/app/services/query.service.spec.ts b/src/app/services/query.service.spec.ts
@@ -82,6 +82,21 @@ describe('QueryService', () => {
       );
     });
 
+    it('should properly work when using fields that contain special characters', () => {
+      const queryForm: QueryForm = {
+        fields: {
+          myField1: `The People's Militia`,
+          myField2: `Mi illumino d'immenso`,
+        },
+      };
+
+      expect(service.getSearchQuery(table, queryForm)).toEqual(
+        'SELECT * ' +
+        'FROM `my_keira3` WHERE (`myField1` LIKE \'%The People\\\'s Militia%\') ' +
+        'AND (`myField2` LIKE \'%Mi illumino d\\\'immenso%\')'
+      );
+    });
+
     it('should properly work when using fields and limit', () => {
       const queryForm: QueryForm = {
         fields: {

diff --git a/src/app/services/query.service.ts b/src/app/services/query.service.ts
@@ -2,6 +2,7 @@ import { Injectable } from '@angular/core';
 import { Observable } from 'rxjs';
 import { tap } from 'rxjs/operators';
 import { Squel, Delete, Insert } from 'squel';
+import { escape } from 'sqlstring';
 
 import { MysqlService } from './mysql.service';
 import { MaxRow, MysqlResult, QueryForm, TableRow } from '../types/general';
@@ -37,7 +38,9 @@ export class QueryService {
 
     for (const filter in filters) {
       if (filters.hasOwnProperty(filter) && !!filters[filter]) {
-        query.where(`\`${filter}\` LIKE '%${filters[filter]}%'`);
+        const value = escape(`%${filters[filter]}%`);
+
+        query.where(`\`${filter}\` LIKE ${value}`);
       }
     }