fix(core): escape quotes before sending SQL queries

Fixes #5010
2026-05-18 18:05:36 +00:00 · 2020-04-29 12:52:09 -04:00
parent 09c76b3649
commit d99bbbb37e
3 changed files with 35 additions and 20 deletions
@@ -118,7 +118,7 @@
    if ([val isKindOfClass: [NSNumber class]])
      qValue = [val stringValue];
    else if ([val isKindOfClass: [NSString class]]) {
-      if ([val hasPrefix: @"'"])
+      if ([(EOKeyValueQualifier *)self formatted])
        qValue = val;
      else
        qValue = [NSString stringWithFormat: @"'%@'", val];
@@ -38,20 +38,24 @@
  - "c_version" (update revision of the file in the folder)
 */

+@class NSArray;
+@class NSDictionary;
+@class NSException;
+@class NSMutableArray;
+@class NSMutableString;
+@class NSNumber;
@class NSString;
@class NSURL;
-@class NSNumber;
-@class NSArray;
-@class NSMutableArray;
-@class NSException;
-@class NSMutableString;
-@class NSDictionary;
-@class EOQualifier;
-@class EOFetchSpecification;
+
+@class EOAdaptor;
@class EOAdaptorChannel;
+@class EOAttribute;
+@class EOFetchSpecification;
+@class EOKeyValueQualifier;
+@class EOQualifier;
+@class GCSChannelManager;
@class GCSFolderManager;
@class GCSFolderType;
-@class GCSChannelManager;

@interface GCSFolder : NSObject
 {
@@ -149,6 +153,13 @@

 - (NSCalendarDate *) lastModificationDate;

+/* helpers */
+
+- (EOAttribute *) _attributeForColumn: (NSString *) _field;
+- (void) _findQualifiers: (id) qualifier
+             withAdaptor: (EOAdaptor *) adaptor;
+- (void) _formatQualifierValue: (EOKeyValueQualifier *) qualifier
+                   withAdaptor: (EOAdaptor *) adaptor;
@end

 #endif /* __GDLContentStore_GCSFolder_H__ */
@@ -396,12 +396,12 @@ static GCSStringFormatter *stringFormatter = nil;

      if ([qualifier isKindOfClass: [EOAndQualifier class]])
        [self _findQualifiers: (id)qualifier withAdaptor: adaptor];
-      else if ([qualifier isKindOfClass:[EOOrQualifier class]])
+      else if ([qualifier isKindOfClass: [EOOrQualifier class]])
        [self _findQualifiers: (id)qualifier withAdaptor: adaptor];
-      else if ([qualifier isKindOfClass:[EOKeyValueQualifier class]])
-        [self _formatQualifierValue: (id)qualifier withAdaptor: adaptor];
-      else if ([qualifier isKindOfClass:[EONotQualifier class]])
-        [self _formatQualifierValue: [(id)qualifier qualifier] withAdaptor: adaptor];
+      else if ([qualifier isKindOfClass: [EOKeyValueQualifier class]])
+        [self _formatQualifierValue: (EOKeyValueQualifier *)qualifier withAdaptor: adaptor];
+      else if ([qualifier isKindOfClass: [EONotQualifier class]])
+        [self _formatQualifierValue: (EOKeyValueQualifier *)[(id)qualifier qualifier] withAdaptor: adaptor];
      else
        [self errorWithFormat:@"unknown qualifier: %@", qualifier];

@@ -433,9 +433,9 @@ static GCSStringFormatter *stringFormatter = nil;
    else if ([q isKindOfClass:[EOOrQualifier class]])
      [self _findQualifiers: q withAdaptor: adaptor];
    else if ([q isKindOfClass:[EOKeyValueQualifier class]])
-      [self _formatQualifierValue: q withAdaptor: adaptor];
+      [self _formatQualifierValue: (EOKeyValueQualifier *)q withAdaptor: adaptor];
    else if ([q isKindOfClass:[EONotQualifier class]])
-      [self _formatQualifierValue: [q qualifier] withAdaptor: adaptor];
+      [self _formatQualifierValue: (EOKeyValueQualifier *)[q qualifier] withAdaptor: adaptor];
    else
      [self errorWithFormat:@"unknown qualifier: %@", q];
  }
@@ -450,9 +450,13 @@ static GCSStringFormatter *stringFormatter = nil;

  field = [qualifier key];
  attribute = [self _attributeForColumn: field];
-  formattedValue = [adaptor formatValue: [qualifier value]
-                           forAttribute: attribute];
-  [qualifier setValue: formattedValue];
+  if (attribute)
+    {
+      formattedValue = [adaptor formatValue: [qualifier value]
+                               forAttribute: attribute];
+      [qualifier setValue: formattedValue];
+      [qualifier setFormatted: YES];
+    }
 }

 - (NSString *)_sqlForSortOrderings:(NSArray *)_so {