From 6dd5990a4a776aae331261c0acc1ca1ab60779a9 Mon Sep 17 00:00:00 2001 From: Andrew Stitcher Date: Mon, 9 Jun 2014 13:23:47 +0000 Subject: QPID-5805: Disallow % and _ characters as escapes in selector LIKE expression git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1601373 13f79535-47bb-0310-9956-ffa450edef68 --- qpid/cpp/src/qpid/broker/SelectorExpression.cpp | 3 +++ qpid/cpp/src/tests/Selector.cpp | 1 + 2 files changed, 4 insertions(+) (limited to 'qpid/cpp/src') diff --git a/qpid/cpp/src/qpid/broker/SelectorExpression.cpp b/qpid/cpp/src/qpid/broker/SelectorExpression.cpp index 1e217737ce..4efb91acf8 100644 --- a/qpid/cpp/src/qpid/broker/SelectorExpression.cpp +++ b/qpid/cpp/src/qpid/broker/SelectorExpression.cpp @@ -774,6 +774,9 @@ BoolExpression* specialComparisons(Tokeniser& tokeniser, std::auto_ptr1) { throwParseError(tokeniser, "single character string required after ESCAPE"); } + if (e.val=="%" || e.val=="_") { + throwParseError(tokeniser, "'%' and '_' are not allowed as ESCAPE characters"); + } return new LikeExpression(e1.release(), t.val, e.val); } else { tokeniser.returnTokens(); diff --git a/qpid/cpp/src/tests/Selector.cpp b/qpid/cpp/src/tests/Selector.cpp index 30c69c68af..951f124d3a 100644 --- a/qpid/cpp/src/tests/Selector.cpp +++ b/qpid/cpp/src/tests/Selector.cpp @@ -262,6 +262,7 @@ QPID_AUTO_TEST_CASE(parseStringFail) BOOST_CHECK_THROW(qb::Selector e("A not 234 escape"), std::range_error); BOOST_CHECK_THROW(qb::Selector e("A not like 'eclecti_' escape 'happy'"), std::range_error); BOOST_CHECK_THROW(qb::Selector e("A not like 'eclecti_' escape happy"), std::range_error); + BOOST_CHECK_THROW(qb::Selector e("A not like 'eclecti_' escape '%'"), std::range_error); BOOST_CHECK_THROW(qb::Selector e("A BETWEEN AND 'true'"), std::range_error); BOOST_CHECK_THROW(qb::Selector e("A NOT BETWEEN 34 OR 3.9"), std::range_error); BOOST_CHECK_THROW(qb::Selector e("A IN ()"), std::range_error); -- cgit v1.2.1