scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-03-06 12:43:06 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #58 from ZmagoD/zd_SCI_74

Browse source 
Filter search query for special chars [fixes SCI_74]
This commit is contained in:
Zmago Devetak 2016-08-17 10:00:47 +02:00 committed by GitHub
commit 13697e8688
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/datatables/sample_datatable.rb
View file

@ -175,6 +175,7 @@ class SampleDatatable < AjaxDatatablesRails::Base
def fetch_records def fetch_records
records = get_raw_records records = get_raw_records
records = sort_records(records) if params[:order].present? records = sort_records(records) if params[:order].present?
escape_special_chars
records = filter_records(records) if params[:search].present? && (not (sorting_by_custom_column)) records = filter_records(records) if params[:search].present? && (not (sorting_by_custom_column))
records = paginate_records(records) if (not (params[:length].present? && params[:length] == '-1')) && (not (sorting_by_custom_column)) records = paginate_records(records) if (not (params[:length].present? && params[:length] == '-1')) && (not (sorting_by_custom_column))
records records
@ -335,4 +336,11 @@ class SampleDatatable < AjaxDatatablesRails::Base
params[:order].values[0]["column"].to_i > 6 params[:order].values[0]["column"].to_i > 6
end end
# Escapes special characters in search query
def escape_special_chars
params[:search][:value] = ActiveRecord::Base
.send(:sanitize_sql_like,
params[:search][:value]) if params[:search]
.present?
end
end end