[Trac-tickets] [The Trac Project] #3129: sql_sub_vars needs to escape formatstring characters.
The Trac Project
noreply at edgewall.com
Wed May 10 06:35:16 CDT 2006
#3129: sql_sub_vars needs to escape formatstring characters.
-----------------------------+----------------------------------------------
Reporter:  itsme at xs4all.nl|  Owner:      jonas
Type:      defect            |  Status:     new
Priority:  normal            |  Milestone:
Component: general           |  Version:    0.9.5
Severity:  normal            |  Keywords:
-----------------------------+----------------------------------------------
In report.py, in the function sql_sub_vars, before substituting variables,
the whole string should be format-string escaped:
 * '\' should be replaced with '\\'
 * '%' should be replaced with '%%'
This will make it possible to write things like: field LIKE '%$PARAM%'
in reports.
Old tickets that relate to this subject: #1418 and #2536 and #2568
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3129>
The Trac Project <http://trac.edgewall.com/>
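
An added example (not Trac's code and not part of the ticket): one way to do the '%' doubling the report asks for, assuming a DB-API driver that uses the "format" paramstyle. The names sub_vars and render are hypothetical, render only imitates a driver's client-side interpolation, and binding a $VAR found inside a quoted literal through || concatenation goes beyond what the ticket proposes; backslash handling is not covered.

```python
import re

VAR_RE = re.compile(r"\$([A-Z_]+)")            # report variables such as $PARAM
LITERAL_RE = re.compile(r"('(?:[^']|'')*')")   # single-quoted SQL string literals

def sub_vars(sql, values, escape=True):
    """Turn report SQL with $VARS into (query, args) for a 'format' driver."""
    args = []

    def bind(match):
        args.append(values[match.group(1)])    # KeyError if the variable is undefined
        return "%s"

    def bind_in_literal(match):
        args.append(values[match.group(1)])
        return "' || %s || '"                  # close literal, concatenate, reopen

    out = []
    for i, part in enumerate(LITERAL_RE.split(sql)):
        if escape:
            part = part.replace("%", "%%")     # must happen before %s is inserted
        # re.split with one capture group puts the literals at odd indexes
        out.append(VAR_RE.sub(bind_in_literal if i % 2 else bind, part))
    return "".join(out), args

def render(query, args):
    """Imitate a driver's client-side interpolation (illustration only)."""
    quoted = tuple("'" + str(a).replace("'", "''") + "'" for a in args)
    return query % quoted

if __name__ == "__main__":
    # Constructed sample report, using the LIKE pattern from the ticket.
    report = "SELECT id FROM ticket WHERE summary LIKE '%$PARAM%'"
    query, args = sub_vars(report, {"PARAM": "50% o'clock"})
    print(query)
    print(render(query, args))
    try:
        render(*sub_vars(report, {"PARAM": "x"}, escape=False))
    except ValueError as exc:
        print("without escaping:", exc)
```

The value is always passed as a bound argument, so a '%' or quote inside it never reaches the format step as SQL text.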