From 38b5920e8a6b8137209f23385b315f7cf614a9d3 Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Fri, 9 Apr 2010 15:20:46 +0000 Subject: Fixed regular expressions in search. --- did-model.lua | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/did-model.lua b/did-model.lua index 0c2a343..c18e376 100644 --- a/did-model.lua +++ b/did-model.lua @@ -53,6 +53,12 @@ local escape = function(sql) return string.gsub(sql, "'", "''") end +-- Escape special characters in sql statement regular expressions +local escaperegex = function(sql) + sql = string.gsub(sql or "", "[%[%].*+?{()]", "\\\\%1") + return escape(sql) +end + -- List the postgres databases on this system local listdatabases = function() local dbs = {} @@ -180,24 +186,25 @@ local generatewhereclause = function(did, extension, identification, description local where = {} -- We're going to use regular expressions so can search for substrings if did and did ~= "" then - where[#where+1] = "definition.did ~ '.*"..escape(did)..".*'" + where[#where+1] = "definition.did ~ '"..escaperegex(did).."'" end if extension and extension ~= "" then - where[#where+1] = "extension ~ '.*"..escape(extension)..".*'" + where[#where+1] = "extension ~ '"..escaperegex(extension).."'" end if identification and identification ~= "" then - where[#where+1] = "identification ~ '.*"..escape(identification)..".*'" + where[#where+1] = "identification ~ '"..escaperegex(identification).."'" end -- For these two, specify case insensitive if description and description ~= "" then - where[#where+1] = "description ~* '.*"..escape(description)..".*'" + where[#where+1] = "description ~* '"..escaperegex(description).."'" end if department and department ~= "" then - where[#where+1] = "department ~* '.*"..escape(department)..".*'" + where[#where+1] = "department ~* '"..escaperegex(department).."'" end if #where > 0 then sql = " " .. (clause or "WHERE") .. " " .. table.concat(where, " AND ") end +APP.logevent(sql) return sql end -- cgit v1.2.3