summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTed Trask <ttrask01@yahoo.com>2010-04-09 15:20:46 +0000
committerTed Trask <ttrask01@yahoo.com>2010-04-09 15:20:46 +0000
commit38b5920e8a6b8137209f23385b315f7cf614a9d3 (patch)
tree34858c05141d5c32f0cdd6ffdcc45f34cf12547a
parentdb3654f905328903fc2157baa0529eabd49997c6 (diff)
downloadacf-did-38b5920e8a6b8137209f23385b315f7cf614a9d3.tar.bz2
acf-did-38b5920e8a6b8137209f23385b315f7cf614a9d3.tar.xz
Fixed regular expressions in search.
-rw-r--r--did-model.lua17
1 files changed, 12 insertions, 5 deletions
diff --git a/did-model.lua b/did-model.lua
index 0c2a343..c18e376 100644
--- a/did-model.lua
+++ b/did-model.lua
@@ -53,6 +53,12 @@ local escape = function(sql)
return string.gsub(sql, "'", "''")
end
+-- Escape special characters in sql statement regular expressions
+local escaperegex = function(sql)
+ sql = string.gsub(sql or "", "[%[%].*+?{()]", "\\\\%1")
+ return escape(sql)
+end
+
-- List the postgres databases on this system
local listdatabases = function()
local dbs = {}
@@ -180,24 +186,25 @@ local generatewhereclause = function(did, extension, identification, description
local where = {}
-- We're going to use regular expressions so can search for substrings
if did and did ~= "" then
- where[#where+1] = "definition.did ~ '.*"..escape(did)..".*'"
+ where[#where+1] = "definition.did ~ '"..escaperegex(did).."'"
end
if extension and extension ~= "" then
- where[#where+1] = "extension ~ '.*"..escape(extension)..".*'"
+ where[#where+1] = "extension ~ '"..escaperegex(extension).."'"
end
if identification and identification ~= "" then
- where[#where+1] = "identification ~ '.*"..escape(identification)..".*'"
+ where[#where+1] = "identification ~ '"..escaperegex(identification).."'"
end
-- For these two, specify case insensitive
if description and description ~= "" then
- where[#where+1] = "description ~* '.*"..escape(description)..".*'"
+ where[#where+1] = "description ~* '"..escaperegex(description).."'"
end
if department and department ~= "" then
- where[#where+1] = "department ~* '.*"..escape(department)..".*'"
+ where[#where+1] = "department ~* '"..escaperegex(department).."'"
end
if #where > 0 then
sql = " " .. (clause or "WHERE") .. " " .. table.concat(where, " AND ")
end
+APP.logevent(sql)
return sql
end