mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-19 14:11:24 +01:00
Escape the values to contains
operator in dao packages (#13774)
fixes #13018 Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
parent
488d802a2b
commit
3b04d2f8f5
@ -71,7 +71,7 @@ func getLabelQuerySetter(query *models.LabelQuery) orm.QuerySeter {
|
|||||||
qs := GetOrmer().QueryTable(&models.Label{})
|
qs := GetOrmer().QueryTable(&models.Label{})
|
||||||
if len(query.Name) > 0 {
|
if len(query.Name) > 0 {
|
||||||
if query.FuzzyMatchName {
|
if query.FuzzyMatchName {
|
||||||
qs = qs.Filter("Name__icontains", query.Name)
|
qs = qs.Filter("Name__icontains", Escape(query.Name))
|
||||||
} else {
|
} else {
|
||||||
qs = qs.Filter("Name", query.Name)
|
qs = qs.Filter("Name", query.Name)
|
||||||
}
|
}
|
||||||
|
@ -143,7 +143,7 @@ func snakeCase(str string) string {
|
|||||||
func queryByColumn(qs orm.QuerySeter, key string, value interface{}) orm.QuerySeter {
|
func queryByColumn(qs orm.QuerySeter, key string, value interface{}) orm.QuerySeter {
|
||||||
// fuzzy match
|
// fuzzy match
|
||||||
if f, ok := value.(*q.FuzzyMatchValue); ok {
|
if f, ok := value.(*q.FuzzyMatchValue); ok {
|
||||||
return qs.Filter(key+"__icontains", f.Value)
|
return qs.Filter(key+"__icontains", Escape(f.Value))
|
||||||
}
|
}
|
||||||
|
|
||||||
// range
|
// range
|
||||||
|
@ -106,6 +106,9 @@ func ListRegistrations(query *q.Query) ([]*Registration, error) {
|
|||||||
qt = qt.Filter(kk, v)
|
qt = qt.Filter(kk, v)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
if s, ok := v.(string); ok {
|
||||||
|
v = liborm.Escape(s)
|
||||||
|
}
|
||||||
|
|
||||||
qt = qt.Filter(fmt.Sprintf("%s__icontains", k), v)
|
qt = qt.Filter(fmt.Sprintf("%s__icontains", k), v)
|
||||||
}
|
}
|
||||||
|
@ -41,7 +41,7 @@ func GetPolicies(queries ...*model.PolicyQuery) (int64, []*models.RepPolicy, err
|
|||||||
|
|
||||||
query := queries[0]
|
query := queries[0]
|
||||||
if len(query.Name) != 0 {
|
if len(query.Name) != 0 {
|
||||||
qs = qs.Filter("Name__icontains", query.Name)
|
qs = qs.Filter("Name__icontains", common_dao.Escape(query.Name))
|
||||||
}
|
}
|
||||||
if len(query.Namespace) != 0 {
|
if len(query.Namespace) != 0 {
|
||||||
// TODO: Namespace filter not implemented yet
|
// TODO: Namespace filter not implemented yet
|
||||||
|
Loading…
Reference in New Issue
Block a user