Merge pull request #58 from ZmagoD/zd_SCI_74

Filter search query for special chars [fixes SCI_74]
2025-03-06 12:43:06 +08:00 · 2016-08-17 10:00:47 +02:00 · 2016-08-17 10:00:47 +02:00 · 13697e8688
commit 13697e8688
parent 63fc8e504b c9ff249067
1 changed files with 8 additions and 0 deletions
--- a/app/datatables/sample_datatable.rb
+++ b/app/datatables/sample_datatable.rb
@ -175,6 +175,7 @@ class SampleDatatable < AjaxDatatablesRails::Base
  def fetch_records
    records = get_raw_records
    records = sort_records(records) if params[:order].present?
+    escape_special_chars
    records = filter_records(records) if params[:search].present? && (not (sorting_by_custom_column))
    records = paginate_records(records) if (not (params[:length].present? && params[:length] == '-1')) && (not (sorting_by_custom_column))
    records
@ -335,4 +336,11 @@ class SampleDatatable < AjaxDatatablesRails::Base
    params[:order].values[0]["column"].to_i > 6
  end

+  # Escapes special characters in search query
+  def escape_special_chars
+    params[:search][:value] = ActiveRecord::Base
+                              .send(:sanitize_sql_like,
+                                    params[:search][:value]) if params[:search]
+                                                                .present?
+  end
 end