diff --git a/SoObjects/Appointments/SOGoAppointmentFolder.m b/SoObjects/Appointments/SOGoAppointmentFolder.m
index 56aab2fe8..776c42c79 100644
--- a/SoObjects/Appointments/SOGoAppointmentFolder.m
+++ b/SoObjects/Appointments/SOGoAppointmentFolder.m
@@ -696,7 +696,7 @@ static Class iCalEventK = nil; if ([title length]) [baseWhere addObject: [NSString stringWithFormat: @"c_title isCaseInsensitiveLike: '%%%@%%'",
- [title stringByReplacingString: @"'" withString: @"\\'\\'"]]];
+ [title asSafeSQLString]]];
if (component) {
@@ -1436,14 +1436,14 @@ firstInstanceCalendarDateRange: (NGCalendarDateRange *) fir if ([filters isEqualToString:@"title_Category_Location"] || [filters isEqualToString:@"entireContent"]) { [baseWhere addObject: [NSString stringWithFormat: @"(c_title isCaseInsensitiveLike: '%%%@%%' OR c_category isCaseInsensitiveLike: '%%%@%%' OR c_location isCaseInsensitiveLike: '%%%@%%')",
- [title stringByReplacingString: @"'" withString: @"\\'\\'"],
- [title stringByReplacingString: @"'" withString: @"\\'\\'"],
- [title stringByReplacingString: @"'" withString: @"\\'\\'"]]];
+ [title asSafeSQLString],
+ [title asSafeSQLString],
+ [title asSafeSQLString]]];
} } else [baseWhere addObject: [NSString stringWithFormat: @"c_title isCaseInsensitiveLike: '%%%@%%'",
- [title stringByReplacingString: @"'" withString: @"\\'\\'"]]];
+ [title asSafeSQLString]]];
} /* prepare mandatory fields */
@@ -2619,7 +2619,7 @@ firstInstanceCalendarDateRange: (NGCalendarDateRange *) fir if (uid && folder) { qualifier = [EOQualifier qualifierWithQualifierFormat: @"c_uid = %@",
- uid];
+ [uid asSafeSQLString]];
records = [folder fetchFields: nameFields matchingQualifier: qualifier]; count = [records count]; if (count)
diff --git a/SoObjects/Contacts/SOGoContactGCSFolder.m b/SoObjects/Contacts/SOGoContactGCSFolder.m
index 1cd2720f7..7ce3feecd 100644
--- a/SoObjects/Contacts/SOGoContactGCSFolder.m
+++ b/SoObjects/Contacts/SOGoContactGCSFolder.m
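Review bot: `[title asSafeSQLString]` on the added line feeds an `isCaseInsensitiveLike: '%%%@%%'` pattern, yet the asSafeSQLString of this commit escapes `%` and leaves `_` alone, so a user-supplied `_` still acts as a single-character wildcard in the title match; the same holds for the three patterns in the @@ -1436 hunk and for `filter` in the `c_sn isCaseInsensitiveLike:` query at @@ -190 of SOGoContactGCSFolder.m. Whether `_` reaches the database as a wildcard depends on the qualifier-to-SQL translation, which is not in this diff, so confirm before deciding. If wildcard suppression is intended, escape it alongside `%` in a LIKE-specific helper rather than at each call site, and document the intent here with `/* title is untrusted: escape it before it is spliced into the LIKE pattern */`. The old line also doubled the quote (`\'\'`) where the helper now emits a single `\'`; that should be checked against what the qualifier parser expects.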
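Review bot: On the added line `[uid asSafeSQLString]` is used in an equality comparison, `c_uid = %@`, but the helper as changed in this commit turns `%` into `\%`; outside a LIKE pattern MySQL keeps `\%` as two literal characters, so an exact-match lookup for a uid containing `%` would silently return nothing, and the same concern applies to `c_name = %@` at @@ -121 and to `c_name='%@'` at @@ -338 in SOGoContactGCSFolder.m. It is also not visible here whether `%@` in qualifierWithQualifierFormat: splices the string into the qualifier text or binds it as a value that the SQL generation layer quotes itself; in the latter case the old bare `uid` was already safe and pre-escaping now doubles backslashes and quotes, so lookups of uids containing those characters fail. Confirm which it is, and if escaping is needed here use a comparison-specific variant that does not touch `%`, leaving asSafeSQLString for LIKE patterns. The enclosing method continues outside the hunk.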
@@ -121,7 +121,7 @@ static NSArray *folderListingFields = nil; NSString *component; Class objectClass;
- qualifier = [EOQualifier qualifierWithQualifierFormat:@"c_name = %@", name];
+ qualifier = [EOQualifier qualifierWithQualifierFormat: @"c_name = %@", [name asSafeSQLString]];
records = [[self ocsFolder] fetchFields: [NSArray arrayWithObject: @"c_component"] matchingQualifier: qualifier];
@@ -190,8 +190,7 @@ static NSArray *folderListingFields = nil; if ([filter length] > 0) {
- filter = [[filter stringByReplacingString: @"\\" withString: @"\\\\"]
- stringByReplacingString: @"'" withString: @"\\'\\'"];
+ filter = [filter asSafeSQLString];
if ([criteria isEqualToString: @"name_or_address"]) qs = [NSString stringWithFormat: @"(c_sn isCaseInsensitiveLike: '%%%@%%') OR "
@@ -338,8 +337,7 @@ static NSArray *folderListingFields = nil; if (aName && [aName length] > 0) {
- aName = [[aName stringByReplacingString: @"\\" withString: @"\\\\"]
- stringByReplacingString: @"'" withString: @"\\'\\'"];
+ aName = [aName asSafeSQLString];
qs = [NSString stringWithFormat: @"(c_name='%@')", aName]; qualifier = [EOQualifier qualifierWithQualifierFormat: qs]; dbRecords = [[self ocsFolder] fetchFields: folderListingFields
diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m
index 14085eead..35da33b9c 100644
--- a/SoObjects/SOGo/NSString+Utilities.m
+++ b/SoObjects/SOGo/NSString+Utilities.m
@@ -684,8 +684,9 @@ static int cssEscapingCount; - (NSString *) asSafeSQLString {
- return [[self stringByReplacingString: @"\\" withString: @"\\\\"]
- stringByReplacingString: @"'" withString: @"\\'"];
+ return [[[self stringByReplacingString: @"\\" withString: @"\\\\"]
+ stringByReplacingString: @"'" withString: @"\\'"]
+ stringByReplacingString: @"\%" withString: @"\\%"];
} - (NSUInteger) countOccurrencesOfString: (NSString *) substring
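Review bot: After escaping, `aName` is formatted into `qs`, and `qs` is then passed to qualifierWithQualifierFormat: as the format string itself rather than as an argument, so any `%` left in the name is read as a format directive by the qualifier parser; asSafeSQLString now rewrites `%` to `\%`, and whether that parser treats `\%` as a literal is not visible here. Keeping the format constant and passing the escaped value through `%@`, as the @@ -121 hunk in this same file already does, removes the format-string exposure regardless of how `\%` is parsed. The enclosing method continues past the hunk.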
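Review bot: `@"\%"` on the last added line is not a valid C escape sequence: clang reports "unknown escape sequence '\%'" and the literal collapses to `"%"`, so write `stringByReplacingString: @"%" withString: @"\\%"` to say what is meant. `_` is the other LIKE wildcard and is left untouched, so the helper does not fully neutralise a pattern. Escaping `'` as `\'` rather than the SQL-standard `''` relies on the backend treating backslash as an escape inside string literals; on PostgreSQL with standard_conforming_strings on a backslash is literal and the quote would still terminate the string, unless an intermediate qualifier layer rewrites the literal first, which is not visible here and should be confirmed per supported backend. The method has no doc comment; add one naming its contract, e.g. `/* Escapes \, ' and % so the receiver can be spliced into a quoted SQL/qualifier string literal or LIKE pattern; _ is not escaped. */`.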