aboutsummaryrefslogtreecommitdiffstats
path: root/Source
diff options
context:
space:
mode:
authorBibiko <bibiko@eva.mpg.de>2009-09-28 13:58:30 +0000
committerBibiko <bibiko@eva.mpg.de>2009-09-28 13:58:30 +0000
commite924e2ece4512233fa5ad020fecce25307c715a2 (patch)
tree7152b56905c8d8da3d09105aa93938793a5e4b29 /Source
parent020cfd249c9022a2b84ae64786cdcbed42102217 (diff)
downloadsequelpro-e924e2ece4512233fa5ad020fecce25307c715a2.tar.gz
sequelpro-e924e2ece4512233fa5ad020fecce25307c715a2.tar.bz2
sequelpro-e924e2ece4512233fa5ad020fecce25307c715a2.zip
• improved and fixes escaping of filter arguments
- 'is (not)' and 'contains (not)' are now defined as: take the argument literally, ie % and _ will be escaped automatically - in string fields one can look for \n , \r , \t - added LIKE and NOT LIKE operators to strings to be more transparent - a routine detects automatically whether a placeholder was wrapped into ' or " and if so ' or " will be escaped
Diffstat (limited to 'Source')
-rw-r--r--Source/TableContent.h2
-rw-r--r--Source/TableContent.m34
2 files changed, 33 insertions, 3 deletions
diff --git a/Source/TableContent.h b/Source/TableContent.h
index a498189b..0993110a 100644
--- a/Source/TableContent.h
+++ b/Source/TableContent.h
@@ -129,4 +129,6 @@
- (void) storeCurrentDetailsForRestoration;
- (void) clearDetailsToRestore;
+- (NSString *)escapeFilterArgument:(NSString *)argument againstClause:(NSString *)clause;
+
@end
diff --git a/Source/TableContent.m b/Source/TableContent.m
index ed9cf237..ccf26181 100644
--- a/Source/TableContent.m
+++ b/Source/TableContent.m
@@ -568,7 +568,7 @@
[clause setString:[filter objectForKey:@"Clause"]];
// Escape % sign
- [clause replaceOccurrencesOfRegex:@"%"withString:@"%%"];
+ [clause replaceOccurrencesOfRegex:@"%" withString:@"%%"];
[clause flushCachedRegexData];
// Replace placeholder ${} by %@
@@ -597,11 +597,13 @@
if (numberOfArguments == 2) {
filterString = [NSString stringWithFormat:@"%@ %@",
[[fieldField titleOfSelectedItem] backtickQuotedString],
- [NSString stringWithFormat:clause, firstBetweenArgument, secondBetweenArgument]];
+ [NSString stringWithFormat:clause,
+ [self escapeFilterArgument:firstBetweenArgument againstClause:clause],
+ [self escapeFilterArgument:secondBetweenArgument againstClause:clause]]];
} else if (numberOfArguments == 1) {
filterString = [NSString stringWithFormat:@"%@ %@",
[[fieldField titleOfSelectedItem] backtickQuotedString],
- [NSString stringWithFormat:clause, argument]];
+ [NSString stringWithFormat:clause, [self escapeFilterArgument:argument againstClause:clause]]];
} else {
filterString = [NSString stringWithFormat:@"%@ %@",
[[fieldField titleOfSelectedItem] backtickQuotedString],
@@ -621,6 +623,32 @@
return filterString;
}
+- (NSString *)escapeFilterArgument:(NSString *)argument againstClause:(NSString *)clause
+{
+
+ NSMutableString *arg = [[NSMutableString alloc] init];
+ [arg setString:argument];
+
+ [arg replaceOccurrencesOfRegex:@"(\\\\)(?![nrt])" withString:@"\\\\\\\\\\\\\\\\"];
+ [arg flushCachedRegexData];
+ [arg replaceOccurrencesOfRegex:@"(\\\\)(?=[nrt])" withString:@"\\\\\\"];
+ [arg flushCachedRegexData];
+
+ // Get quote sign for escaping - this should work for 99% of all cases
+ NSString *quoteSign = [clause stringByMatching:@"([\"'])[^\\1]*?%@[^\\1]*?\\1" capture:1L];
+ // Esape argument
+ if(quoteSign != nil && [quoteSign length] == 1) {
+ [arg replaceOccurrencesOfRegex:[NSString stringWithFormat:@"(%@)", quoteSign] withString:@"\\\\$1"];
+ [arg flushCachedRegexData];
+ }
+ if([clause isMatchedByRegex:@"(?i)\\blike\\b.*?%(?!@)"]) {
+ NSLog(@"asdas", _cmd);
+ [arg replaceOccurrencesOfRegex:@"([_%])" withString:@"\\\\$1"];
+ [arg flushCachedRegexData];
+ }
+ return [arg autorelease];
+}
+
/*
* Update the table count/selection text
*/