From b94d17a7dc904b02f5fcf82cf2d94a1a72c9aab0 Mon Sep 17 00:00:00 2001
From: Blottiere Paul <blottiere.paul@gmail.com>
Date: Mon, 3 Jul 2017 22:28:28 +0200
Subject: [PATCH] More fixes about filtering safety

---
 src/core/qgsrelation.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/core/qgsrelation.cpp b/src/core/qgsrelation.cpp
index 6f6672aa977d..0295411a71e9 100644
--- a/src/core/qgsrelation.cpp
+++ b/src/core/qgsrelation.cpp
@@ -170,22 +170,23 @@ QString QgsRelation::getRelatedFeaturesFilter( const QgsFeature &feature ) const
   {
     int referencingIdx = referencingLayer()->fields().indexFromName( fieldPair.referencingField() );
     QgsField referencingField = referencingLayer()->fields().at( referencingIdx );
+    const QString quotedColRef = QgsExpression::quotedColumnRef( fieldPair.referencingField() ) ;
 
     QVariant val( feature.attribute( fieldPair.referencedField() ) );
 
     if ( val.isNull() )
     {
-      conditions << QStringLiteral( "\"%1\" IS NULL" ).arg( fieldPair.referencingField() );
+      conditions << QStringLiteral( "%1 IS NULL" ).arg( quotedColRef );
     }
     else if ( referencingField.type() == QVariant::String )
     {
       // Use quotes
-      conditions << QStringLiteral( "\"%1\" = %2" ).arg( fieldPair.referencingField(), QgsExpression::quotedValue( val.toString() ) );
+      conditions << QStringLiteral( "%1 = %2" ).arg( quotedColRef, QgsExpression::quotedValue( val.toString() ) );
     }
     else
     {
       // No quotes
-      conditions << QStringLiteral( "\"%1\" = %2" ).arg( fieldPair.referencingField(), val.toString() );
+      conditions << QStringLiteral( "%1 = %2" ).arg( quotedColRef, val.toString() );
     }
   }
 
@@ -202,16 +203,17 @@ QgsFeatureRequest QgsRelation::getReferencedFeatureRequest( const QgsAttributes
     int referencingIdx = referencingLayer()->fields().indexFromName( fieldPair.referencingField() );
 
     QgsField referencedField = referencedLayer()->fields().at( referencedIdx );
+    const QString quotedColRef = QgsExpression::quotedColumnRef( fieldPair.referencedField() ) ;
 
     if ( referencedField.type() == QVariant::String )
     {
       // Use quotes
-      conditions << QStringLiteral( "\"%1\" = '%2'" ).arg( fieldPair.referencedField(), attributes.at( referencingIdx ).toString() );
+      conditions << QStringLiteral( "%1 = %2" ).arg( quotedColRef, QgsExpression::quotedValue( attributes.at( referencingIdx ).toString() ) );
     }
     else
     {
       // No quotes
-      conditions << QStringLiteral( "\"%1\" = %2" ).arg( fieldPair.referencedField(), attributes.at( referencingIdx ).toString() );
+      conditions << QStringLiteral( "%1 = %2" ).arg( quotedColRef, attributes.at( referencingIdx ).toString() );
     }
   }