From 04a6217512833b2fa04358220e5d520832b24a35 Mon Sep 17 00:00:00 2001
From: Francis Lachapelle
Date: Thu, 23 Apr 2020 13:49:15 -0400
Subject: [PATCH] fix(core): escape quotes before sending SQL queries

Fixes #5010
---
 SOPE/GDLContentStore/EOQualifier+GCS.m | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SOPE/GDLContentStore/EOQualifier+GCS.m b/SOPE/GDLContentStore/EOQualifier+GCS.m
index 069ad5d86..d0aec9a50 100644
--- a/SOPE/GDLContentStore/EOQualifier+GCS.m
+++ b/SOPE/GDLContentStore/EOQualifier+GCS.m
@@ -118,7 +118,7 @@
 if ([val isKindOfClass:[NSNumber class]]) qValue = [val stringValue]; else if ([val isKindOfClass:[NSString class]]) {
- qValue = [NSString stringWithFormat: @"'%@'", val];
+ qValue = [NSString stringWithFormat: @"'%@'", [val stringByReplacingString: @"'" withString: @"\\'"]];
 } else { qValue = @"NULL";
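Review bot: The replacement on the added `qValue` line escapes only `'`, and does so with a backslash, which leaves two gaps in the quoting. A backslash already present in `val` is not escaped first, so on a backend that treats backslash as an escape character the inserted `\'` can be cancelled by the character before it; on a backend that follows standard SQL string syntax (quote doubling, no backslash escapes), `\'` does not escape the quote at all. Which database backends reach this code is not visible in the hunk and should be confirmed, but the safer direction is to pass `val` through the database layer's own literal quoting or a bound parameter instead of formatting it into the string here. If the string formatting stays, escape backslashes before quotes where the dialect honours them, and use the dialect's quote rule, e.g. `[val stringByReplacingString: @"'" withString: @"''"]` for standard SQL. The enclosing method starts and ends outside the hunk.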