Menu
▾
▴
[Openutils-svn] SF.net SVN: openutils:[2238] trunk/openutils-mgnlcriteria/src
|
From: <fg...@us...> - 2010-04-02 11:56:15
|
Revision: 2238
http://openutils.svn.sourceforge.net/openutils/?rev=2238&view=rev
Author: fgiust
Date: 2010-04-02 11:56:09 +0000 (Fri, 02 Apr 2010)
Log Message:
-----------
escape of more invalid chars
Modified Paths:
--------------
trunk/openutils-mgnlcriteria/src/main/java/net/sourceforge/openutils/mgnlcriteria/jcr/query/xpath/utils/XPathTextUtils.java
trunk/openutils-mgnlcriteria/src/test/java/net/sourceforge/openutils/mgnlcriteria/advanced/AdvancedCriteriaSearchTest.java
Modified: trunk/openutils-mgnlcriteria/src/main/java/net/sourceforge/openutils/mgnlcriteria/jcr/query/xpath/utils/XPathTextUtils.java
===================================================================
--- trunk/openutils-mgnlcriteria/src/main/java/net/sourceforge/openutils/mgnlcriteria/jcr/query/xpath/utils/XPathTextUtils.java 2010-03-31 20:23:49 UTC (rev 2237)
+++ trunk/openutils-mgnlcriteria/src/main/java/net/sourceforge/openutils/mgnlcriteria/jcr/query/xpath/utils/XPathTextUtils.java 2010-04-02 11:56:09 UTC (rev 2238)
@@ -91,10 +91,6 @@
return str.replaceAll("'", "\"");
}
- private static String[] JCR_SEARCH_EXP_UNESCAPED = new String[]{"'", "\"", "-", "\\", "?", "+" };
-
- private static String[] JCR_SEARCH_EXP_ESCAPED = new String[]{"''", "\\\"", "\\-", "\\\\", "\\?", "\\+" };
-
/**
* Convert a string to a JCR search expression literal, suitable for use in jcr:contains() (inside XPath queries).
* The characters - and " have special meaning, and may be escaped with a backslash to obtain their literal value.
@@ -109,17 +105,36 @@
return str;
}
- // Escape ' and \ everywhere, preceding them with \ except when \
- // appears
- // in one of the combinations \" or \-
+ StringBuffer sb = new StringBuffer(str.length() * 2);
+ for (int i = 0; i < str.length(); i++)
+ {
+ char c = str.charAt(i);
+ if (c == '!'
+ || c == '('
+ || c == ')'
+ || c == '*'
+ || c == ':'
+ || c == '^'
+ || c == '['
+ || c == ']'
+ || c == '\"'
+ || c == '{'
+ || c == '}'
+ || c == '?'
+ || c == '-'
+ || c == '\\'
+ || c == '+')
+ {
+ sb.append('\\');
+ }
+ else if (c == '\'')
+ {
+ sb.append('\'');
+ }
+ sb.append(c);
+ }
- // CRIT-9: if str=="\"milano\"" then only the trailing " is escaped, resulting in a JCRQueryException
- // return escapeIllegalXpathSearchChars(stringToXPathLiteral(str
- // .replaceAll("\\\\(?![-\"])", "\\\\\\\\")
- // .replaceAll("'", "\\\\'")));
-
- // if you change this implementation, please add unit tests
- return StringUtils.replaceEach(str, JCR_SEARCH_EXP_UNESCAPED, JCR_SEARCH_EXP_ESCAPED);
+ return sb.toString();
}
/**
Modified: trunk/openutils-mgnlcriteria/src/test/java/net/sourceforge/openutils/mgnlcriteria/advanced/AdvancedCriteriaSearchTest.java
===================================================================
--- trunk/openutils-mgnlcriteria/src/test/java/net/sourceforge/openutils/mgnlcriteria/advanced/AdvancedCriteriaSearchTest.java 2010-03-31 20:23:49 UTC (rev 2237)
+++ trunk/openutils-mgnlcriteria/src/test/java/net/sourceforge/openutils/mgnlcriteria/advanced/AdvancedCriteriaSearchTest.java 2010-04-02 11:56:09 UTC (rev 2238)
@@ -186,6 +186,24 @@
}
@Test
+ public void testEscapeInvalidChars() throws Exception
+ {
+ String searchText = "\"Milano(){}[]+*?^|\\/!";
+ Criteria criteria = JCRCriteriaFactory.createCriteria().setWorkspace(ContentRepository.WEBSITE);
+ criteria.setBasePath(StringUtils.EMPTY);
+ criteria.add(Restrictions.eq("@jcr:primaryType", "mgnl:content"));
+ criteria.add(Restrictions.contains("@title", searchText));
+ try
+ {
+ criteria.execute();
+ }
+ catch (JCRQueryException e)
+ {
+ Assert.fail("Search string not properly escaped. " + e.getMessage());
+ }
+ }
+
+ @Test
public void testEscapeSingleQuotesForContainsRestriction() throws Exception
{
String searchText = "Milano'";
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
