diff options
author | Bibiko <bibiko@eva.mpg.de> | 2009-09-28 13:58:30 +0000 |
---|---|---|
committer | Bibiko <bibiko@eva.mpg.de> | 2009-09-28 13:58:30 +0000 |
commit | e924e2ece4512233fa5ad020fecce25307c715a2 (patch) | |
tree | 7152b56905c8d8da3d09105aa93938793a5e4b29 /Source | |
parent | 020cfd249c9022a2b84ae64786cdcbed42102217 (diff) | |
download | sequelpro-e924e2ece4512233fa5ad020fecce25307c715a2.tar.gz sequelpro-e924e2ece4512233fa5ad020fecce25307c715a2.tar.bz2 sequelpro-e924e2ece4512233fa5ad020fecce25307c715a2.zip |
• improved and fixes escaping of filter arguments
- 'is (not)' and 'contains (not)' are now defined as: take the argument literally, ie % and _ will be escaped automatically
- in string fields one can look for \n , \r , \t
- added LIKE and NOT LIKE operators to strings to be more transparent
- a routine detects automatically whether a placeholder was wrapped into ' or " and if so ' or " will be escaped
Diffstat (limited to 'Source')
-rw-r--r-- | Source/TableContent.h | 2 | ||||
-rw-r--r-- | Source/TableContent.m | 34 |
2 files changed, 33 insertions, 3 deletions
diff --git a/Source/TableContent.h b/Source/TableContent.h index a498189b..0993110a 100644 --- a/Source/TableContent.h +++ b/Source/TableContent.h @@ -129,4 +129,6 @@ - (void) storeCurrentDetailsForRestoration; - (void) clearDetailsToRestore; +- (NSString *)escapeFilterArgument:(NSString *)argument againstClause:(NSString *)clause; + @end diff --git a/Source/TableContent.m b/Source/TableContent.m index ed9cf237..ccf26181 100644 --- a/Source/TableContent.m +++ b/Source/TableContent.m @@ -568,7 +568,7 @@ [clause setString:[filter objectForKey:@"Clause"]]; // Escape % sign - [clause replaceOccurrencesOfRegex:@"%"withString:@"%%"]; + [clause replaceOccurrencesOfRegex:@"%" withString:@"%%"]; [clause flushCachedRegexData]; // Replace placeholder ${} by %@ @@ -597,11 +597,13 @@ if (numberOfArguments == 2) { filterString = [NSString stringWithFormat:@"%@ %@", [[fieldField titleOfSelectedItem] backtickQuotedString], - [NSString stringWithFormat:clause, firstBetweenArgument, secondBetweenArgument]]; + [NSString stringWithFormat:clause, + [self escapeFilterArgument:firstBetweenArgument againstClause:clause], + [self escapeFilterArgument:secondBetweenArgument againstClause:clause]]]; } else if (numberOfArguments == 1) { filterString = [NSString stringWithFormat:@"%@ %@", [[fieldField titleOfSelectedItem] backtickQuotedString], - [NSString stringWithFormat:clause, argument]]; + [NSString stringWithFormat:clause, [self escapeFilterArgument:argument againstClause:clause]]]; } else { filterString = [NSString stringWithFormat:@"%@ %@", [[fieldField titleOfSelectedItem] backtickQuotedString], @@ -621,6 +623,32 @@ return filterString; } +- (NSString *)escapeFilterArgument:(NSString *)argument againstClause:(NSString *)clause +{ + + NSMutableString *arg = [[NSMutableString alloc] init]; + [arg setString:argument]; + + [arg replaceOccurrencesOfRegex:@"(\\\\)(?![nrt])" withString:@"\\\\\\\\\\\\\\\\"]; + [arg flushCachedRegexData]; + [arg replaceOccurrencesOfRegex:@"(\\\\)(?=[nrt])" withString:@"\\\\\\"]; + [arg flushCachedRegexData]; + + // Get quote sign for escaping - this should work for 99% of all cases + NSString *quoteSign = [clause stringByMatching:@"([\"'])[^\\1]*?%@[^\\1]*?\\1" capture:1L]; + // Esape argument + if(quoteSign != nil && [quoteSign length] == 1) { + [arg replaceOccurrencesOfRegex:[NSString stringWithFormat:@"(%@)", quoteSign] withString:@"\\\\$1"]; + [arg flushCachedRegexData]; + } + if([clause isMatchedByRegex:@"(?i)\\blike\\b.*?%(?!@)"]) { + NSLog(@"asdas", _cmd); + [arg replaceOccurrencesOfRegex:@"([_%])" withString:@"\\\\$1"]; + [arg flushCachedRegexData]; + } + return [arg autorelease]; +} + /* * Update the table count/selection text */ |