Opened 18 years ago
Last modified 14 years ago
#3129 closed defect
sql_sub_vars needs to escape formatstring characters. — at Version 4
| Reported by: | Owned by: | Remy Blank | |
|---|---|---|---|
| Priority: | low | Milestone: | |
| Component: | report system | Version: | 0.9.5 |
| Severity: | minor | Keywords: | |
| Cc: | itsme@… | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
in report.py, in the function sql_sub_vars before substituting variables, the whole string should be format-string escaped
'\'should be replaced with'\\''%'should be replaced with'%%'
this will make it possible to write things like: field LIKE '%$PARAM%'
in reports.
old tickets that relate to this subject: #1418 and #2536 and #2568
Change History (4)
comment:1 by , 18 years ago
| Component: | general → report system |
|---|---|
| Owner: | changed from to |
comment:2 by , 17 years ago
| Milestone: | → 1.0 |
|---|---|
| Priority: | normal → low |
| Severity: | normal → minor |
comment:3 by , 14 years ago
| Milestone: | 1.0 → unscheduled |
|---|
comment:4 by , 14 years ago
| Description: | modified (diff) |
|---|---|
| Milestone: | triaging → 0.13 |
| Owner: | changed from to |
Note:
See TracTickets
for help on using tickets.
Milestone 1.0 deleted