Browse files

Properly escape permalink when checking it for uniqueness.

[Fixes #1505]
  • Loading branch information...
1 parent 1fbb331 commit 2bbe70ae1b069baed34cef0b9cbd954684a47f18 @maximkulkin maximkulkin committed with radar May 15, 2012
Showing with 19 additions and 1 deletion.
  1. +1 −1 core/lib/spree/core/permalinks.rb
  2. +18 −0 core/spec/models/product_spec.rb
View
2 core/lib/spree/core/permalinks.rb
@@ -47,7 +47,7 @@ def save_permalink
permalink_value = self.to_param
field = self.class.permalink_field
# Do other links exist with this permalink?
- other = self.class.all(:conditions => "#{field} LIKE '#{permalink_value}%'")
+ other = self.class.all(:conditions => ["#{field} LIKE ?", "#{permalink_value}%"])
unless other.empty?
# Find the existing permalink with the highest number, and increment that number.
# (If none of the existing permalinks have a number, this will evaluate to 1.)
View
18 core/spec/models/product_spec.rb
@@ -110,6 +110,24 @@
end
end
+ context "permalink with quotes" do
+ it "should be saved correctly" do
+ product = create(:product, :name => "Joe's", :permalink => "joe's")
+ product.permalink.should == "joe's"
+ end
+
+ context "existing" do
+ before do
+ create(:product, :name => "Joe's", :permalink => "joe's")
+ end
+
+ it "should be detected" do
+ product = create(:product, :name => "Joe's", :permalink => "joe's")
+ product.permalink.should == "joe's-1"
+ end
+ end
+ end
+
context "make_permalink should declare validates_uniqueness_of" do
before do
@product1 = create(:product, :name => 'foo')

0 comments on commit 2bbe70a

Please sign in to comment.