diff options
| author | Bibiko <bibiko@eva.mpg.de> | 2009-09-28 13:58:30 +0000 |
|---|---|---|
| committer | Bibiko <bibiko@eva.mpg.de> | 2009-09-28 13:58:30 +0000 |
| commit | e924e2ece4512233fa5ad020fecce25307c715a2 (patch) | |
| tree | 7152b56905c8d8da3d09105aa93938793a5e4b29 /Source/TableContent.m | |
| parent | 020cfd249c9022a2b84ae64786cdcbed42102217 (diff) | |
| download | sequelpro-e924e2ece4512233fa5ad020fecce25307c715a2.tar.gz sequelpro-e924e2ece4512233fa5ad020fecce25307c715a2.tar.bz2 sequelpro-e924e2ece4512233fa5ad020fecce25307c715a2.zip | |
• improved and fixes escaping of filter arguments
- 'is (not)' and 'contains (not)' are now defined as: take the argument literally, ie % and _ will be escaped automatically
- in string fields one can look for \n , \r , \t
- added LIKE and NOT LIKE operators to strings to be more transparent
- a routine detects automatically whether a placeholder was wrapped into ' or " and if so ' or " will be escaped
Diffstat (limited to 'Source/TableContent.m')
| -rw-r--r-- | Source/TableContent.m | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/Source/TableContent.m b/Source/TableContent.m index ed9cf237..ccf26181 100644 --- a/Source/TableContent.m +++ b/Source/TableContent.m @@ -568,7 +568,7 @@ [clause setString:[filter objectForKey:@"Clause"]]; // Escape % sign - [clause replaceOccurrencesOfRegex:@"%"withString:@"%%"]; + [clause replaceOccurrencesOfRegex:@"%" withString:@"%%"]; [clause flushCachedRegexData]; // Replace placeholder ${} by %@ @@ -597,11 +597,13 @@ if (numberOfArguments == 2) { filterString = [NSString stringWithFormat:@"%@ %@", [[fieldField titleOfSelectedItem] backtickQuotedString], - [NSString stringWithFormat:clause, firstBetweenArgument, secondBetweenArgument]]; + [NSString stringWithFormat:clause, + [self escapeFilterArgument:firstBetweenArgument againstClause:clause], + [self escapeFilterArgument:secondBetweenArgument againstClause:clause]]]; } else if (numberOfArguments == 1) { filterString = [NSString stringWithFormat:@"%@ %@", [[fieldField titleOfSelectedItem] backtickQuotedString], - [NSString stringWithFormat:clause, argument]]; + [NSString stringWithFormat:clause, [self escapeFilterArgument:argument againstClause:clause]]]; } else { filterString = [NSString stringWithFormat:@"%@ %@", [[fieldField titleOfSelectedItem] backtickQuotedString], @@ -621,6 +623,32 @@ return filterString; } +- (NSString *)escapeFilterArgument:(NSString *)argument againstClause:(NSString *)clause +{ + + NSMutableString *arg = [[NSMutableString alloc] init]; + [arg setString:argument]; + + [arg replaceOccurrencesOfRegex:@"(\\\\)(?![nrt])" withString:@"\\\\\\\\\\\\\\\\"]; + [arg flushCachedRegexData]; + [arg replaceOccurrencesOfRegex:@"(\\\\)(?=[nrt])" withString:@"\\\\\\"]; + [arg flushCachedRegexData]; + + // Get quote sign for escaping - this should work for 99% of all cases + NSString *quoteSign = [clause stringByMatching:@"([\"'])[^\\1]*?%@[^\\1]*?\\1" capture:1L]; + // Esape argument + if(quoteSign != nil && [quoteSign length] == 1) { + [arg replaceOccurrencesOfRegex:[NSString stringWithFormat:@"(%@)", quoteSign] withString:@"\\\\$1"]; + [arg flushCachedRegexData]; + } + if([clause isMatchedByRegex:@"(?i)\\blike\\b.*?%(?!@)"]) { + NSLog(@"asdas", _cmd); + [arg replaceOccurrencesOfRegex:@"([_%])" withString:@"\\\\$1"]; + [arg flushCachedRegexData]; + } + return [arg autorelease]; +} + /* * Update the table count/selection text */ |