archive
/
tasks
mirror of https://github.com/tasks/tasks
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix for unescaped sql in custom filter tags

Browse Source
pull/14/head
Tim Su 13 years ago
parent eaebec0850
commit cb5166e022
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File

3
astrid/plugin-src/com/todoroo/astrid/core/CustomFilterActivity.java
Unescape Escape View File

@ -37,6 +37,7 @@ import com.todoroo.andlib.service.DependencyInjectionService;
import com.todoroo.andlib.sql.Criterion;
import com.todoroo.andlib.sql.Field;
import com.todoroo.andlib.sql.Query;
import com.todoroo.andlib.sql.UnaryCriterion;
import com.todoroo.astrid.activity.TaskListActivity;
import com.todoroo.astrid.api.AstridApiConstants;
import com.todoroo.astrid.api.CustomFilterCriterion;
@ -435,7 +436,7 @@ public class CustomFilterActivity extends ListActivity {
if(instance.criterion.sql == null)
sql.append(TaskCriteria.activeAndVisible()).append(' ');
else {
String subSql = instance.criterion.sql.replace("?", value);
String subSql = instance.criterion.sql.replace("?", UnaryCriterion.sanitize(value));
subSql = PermaSql.replacePlaceholders(subSql);
sql.append(Task.ID).append(" IN (").append(subSql).append(") ");
}

Write Preview
Loading…
Cancel
Save