Skip to content
Browse files

Snippets need single quotes escaped.

  • Loading branch information...
1 parent 5260d9c commit c1f8824ae9eafd3172bf35e70657e748bd690993 @pat committed
Showing with 13 additions and 0 deletions.
  1. +3 −0 lib/riddle/query.rb
  2. +10 −0 spec/riddle/query_spec.rb
View
3 lib/riddle/query.rb
@@ -58,6 +58,9 @@ def self.set(variable, values, global = true)
end
def self.snippets(data, index, query, options = nil)
+ data.gsub!("'") { |x| "\\'" }
+ query.gsub!("'") { |x| "\\'" }
+
options = ', ' + options.keys.collect { |key|
value = options[key]
value = "'#{value}'" if value.is_a?(String)
View
10 spec/riddle/query_spec.rb
@@ -46,6 +46,16 @@
Riddle::Query.snippets('foo bar baz', 'foo_core', 'foo',
:before_match => '<strong>').should == "CALL SNIPPETS('foo bar baz', 'foo_core', 'foo', '<strong>' AS before_match)"
end
+
+ it "escapes quotes in the text data" do
+ Riddle::Query.snippets("foo bar 'baz", 'foo_core', 'foo').
+ should == "CALL SNIPPETS('foo bar \\'baz', 'foo_core', 'foo')"
+ end
+
+ it "escapes quotes in the query data" do
+ Riddle::Query.snippets("foo bar baz", 'foo_core', "foo'").
+ should == "CALL SNIPPETS('foo bar baz', 'foo_core', 'foo\\'')"
+ end
end
describe '.create_function' do

0 comments on commit c1f8824

Please sign in to comment.
Something went wrong with that request. Please try again.