Edgewall Software

Opened 18 years ago

Last modified 14 years ago

#3129 closed defect

sql_sub_vars needs to escape formatstring characters. — at Version 4

Reported by: itsme@…
Owned by: Remy Blank
Priority: low
Milestone:
Component: report system
Version: 0.9.5
Severity: minor
Keywords:
Cc: itsme@…
Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Remy Blank)

In report.py, in the function sql_sub_vars, before substituting variables, the whole string should be format-string escaped:

  • '\' should be replaced with '\\'
  • '%' should be replaced with '%%'

This will make it possible to write things like: field LIKE '%$PARAM%' in reports.

Old tickets that relate to this subject: #1418, #2536 and #2568.
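
An added sketch of the behaviour the description asks for (not Trac's sql_sub_vars and not code from this ticket): literal '%' is doubled and each $VAR becomes a bound %s parameter, so LIKE '%$PARAM%' works and the value never becomes part of the SQL text. The names sub_vars and run_report, the sample table, binding variables as parameters, and the use of || for concatenation (SQLite/PostgreSQL syntax) are assumptions of this example.

```python
import re
import sqlite3

_VAR = re.compile(r"\$([A-Z_][A-Z0-9_]*)")
# A quoted SQL string literal, a bare $VAR, or a stray '%'.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\$[A-Z_][A-Z0-9_]*|%")


def sub_vars(sql, values):
    """Return (sql, args) for a driver using the 'format' paramstyle (%s)."""
    args = []

    def bind(name):
        args.append(values[name])  # KeyError on an undefined variable
        return "%s"

    def repl(match):
        tok = match.group(0)
        if tok == "%":
            return "%%"  # literal percent outside a string literal
        if tok.startswith("$"):
            return bind(tok[1:])
        parts = _VAR.split(tok[1:-1])  # [text, NAME, text, ...]
        if len(parts) == 1:
            return tok.replace("%", "%%")  # literal without variables
        # Split the literal around each variable and concatenate in SQL.
        out = [bind(p) if i % 2 else "'" + p.replace("%", "%%") + "'"
               for i, p in enumerate(parts) if i % 2 or p]
        return "(" + " || ".join(out) + ")"

    return _TOKEN.sub(repl, sql), args


def run_report(sql, values):
    """Run the report against a constructed in-memory SQLite table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ticket (id INTEGER, summary TEXT)")
    db.executemany("INSERT INTO ticket VALUES (?, ?)",
                   [(1, "50% done"), (2, "O'Brien cannot log in"), (3, "typo")])
    query, args = sub_vars(sql, values)
    # sqlite3 uses '?' placeholders; this also collapses '%%' back to '%'.
    return db.execute(query % (("?",) * len(args)), args).fetchall()
```

Wildcard characters inside the bound value itself still act as LIKE wildcards; escaping those is a separate step not covered here.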

Change History (4)

comment:1 by anonymous, 18 years ago

Component: general → report system
Owner: changed from Jonas Borgström to daniel

comment:2 by Christian Boos, 17 years ago

Milestone: 1.0
Priority: normal → low
Severity: normal → minor

comment:3 by Christian Boos, 14 years ago

Milestone: 1.0 → unscheduled

Milestone 1.0 deleted

comment:4 by Remy Blank, 14 years ago

Description: modified (diff)
Milestone: triaging → 0.13
Owner: changed from daniel to Remy Blank