Opened 18 years ago
Last modified 14 years ago
#3129 closed defect
sql_sub_vars needs to escape formatstring characters. — at Initial Version
Reported by: | | Owned by: | Jonas Borgström |
---|---|---|---|
Priority: | low | Milestone: | |
Component: | report system | Version: | 0.9.5 |
Severity: | minor | Keywords: | |
Cc: | itsme@… | Branch: | |
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
In report.py, in the function sql_sub_vars, before substituting variables, the whole string should be format-string escaped:
- '\' should be replaced with '\\'
- '%' should be replaced with '%%'

This will make it possible to write things like: field LIKE '%$PARAM%' in reports.
Old tickets that relate to this subject: #1418 and #2536 and #2568
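The escaping requested above, as an added example that is not part of the ticket and not Trac's own code: a hypothetical `sub_vars` helper doubles every literal `%` before turning `$NAME` variables into `%s` bind parameters, so `LIKE '%$PARAM%'` survives a format-paramstyle driver while the value stays bound. It assumes `||` string concatenation (SQLite, PostgreSQL); the `ticket` table and its rows are constructed sample data.

```python
import re
import sqlite3

VAR_RE = re.compile(r"\$([A-Z_][A-Z0-9_]*)")   # report variables such as $PARAM
LITERAL_RE = re.compile(r"('(?:[^']|'')*')")    # single-quoted SQL string literals

def sub_vars(sql, args):
    """Hypothetical helper (not Trac's sql_sub_vars): returns (sql, params)
    for a DB-API driver using the 'format' paramstyle (%s placeholders)."""
    params = []

    def bind(match):
        params.append(args[match.group(1)])
        return "%s"

    def split_literal(literal):
        # '%%$PARAM%%' becomes '%%' || %s || '%%'; the value stays a bind parameter.
        parts = VAR_RE.split(literal[1:-1])
        for i in range(1, len(parts), 2):
            params.append(args[parts[i]])
        return " || ".join("%s" if i % 2 else "'" + p + "'"
                           for i, p in enumerate(parts))

    # Escape first: every '%' the report author typed must reach the driver as '%%'.
    escaped = sql.replace("%", "%%")
    return "".join(split_literal(c) if c.startswith("'") else VAR_RE.sub(bind, c)
                   for c in LITERAL_RE.split(escaped)), params

def run(conn, sql, args):
    fmt_sql, params = sub_vars(sql, args)
    # sqlite3 expects '?' placeholders. The % operator here stands in for the
    # format-string step of a 'format' driver: it turns %s into ? and '%%'
    # back into '%', and raises if a literal '%' was left undoubled.
    return conn.execute(fmt_sql % tuple("?" for _ in params), params).fetchall()

def demo_db():
    # Constructed sample data, not taken from a real Trac database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ticket (id INTEGER, summary TEXT)")
    conn.executemany("INSERT INTO ticket VALUES (?, ?)", [
        (1, "report crash"), (2, "wiki typo"), (3, "100% cpu in report")])
    return conn

REPORT = "SELECT id FROM ticket WHERE summary LIKE '%$PARAM%' ORDER BY id"

if __name__ == "__main__":
    print(sub_vars(REPORT, {"PARAM": "report"}))
    print(run(demo_db(), REPORT, {"PARAM": "report"}))
```

Without the `replace("%", "%%")` step, the `%'` left in the statement is read as a format specifier and the formatting step fails before the query runs.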