#3129: sql_sub_vars needs to escape formatstring characters.
-----------------------------+----------------------------------------------
 Reporter:  [EMAIL PROTECTED]  |       Owner:  jonas
     Type:  defect           |      Status:  new  
 Priority:  normal           |   Milestone:       
Component:  general          |     Version:  0.9.5
 Severity:  normal           |    Keywords:       
-----------------------------+----------------------------------------------
 In report.py, in the function sql_sub_vars, before substituting variables,
 the whole string should be format-string escaped:
  * '\' should be replaced with '\\'
  * '%' should be replaced with '%%'

 This will make it possible to write things like: field LIKE '%$PARAM%'
 in reports.

 Old tickets that relate to this subject: #1418, #2536 and #2568

-- 
Ticket URL: <http://projects.edgewall.com/trac/ticket/3129>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
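
An added example, not part of the ticket and not Trac's code: the '%' escaping rule from the ticket, applied before `$NAME` substitution, assuming the query later passes through Python %-style formatting as in a format-paramstyle database layer. It goes beyond the ticket by binding each variable as a parameter, including one inside a quoted LIKE pattern, instead of pasting its value into the SQL text. `sub_vars`, `to_qmark`, the `$NAME` regex, the table and the rows are assumptions constructed for this sketch.

```python
import re
import sqlite3

# Assumed syntax: $NAME report variables and single-quoted SQL string literals.
TOKEN_RE = re.compile(r"'(?:[^']|'')*'|\$([A-Z_]+)")
VAR_RE = re.compile(r"\$([A-Z_]+)")

def sub_vars(sql, args):
    """Hypothetical stand-in for sql_sub_vars: returns (format-style SQL, values)."""
    values = []

    def repl(match):
        token = match.group(0)
        if token.startswith("$"):            # bare variable becomes a placeholder
            values.append(args[match.group(1)])
            return "%s"
        if not VAR_RE.search(token):         # static literal: keep, '%' already escaped
            return token
        # Literal containing a variable, e.g. '%$PARAM%': undo the escaping and
        # bind the whole pattern text as a single value.
        body = token[1:-1].replace("''", "'").replace("%%", "%")
        values.append(VAR_RE.sub(lambda m: str(args[m.group(1)]), body))
        return "%s"

    # Escape '%' first, as the ticket asks, so only our placeholders are live.
    return TOKEN_RE.sub(repl, sql.replace("%", "%%")), values

def to_qmark(fmt_sql, values):
    """The %-formatting step of a format-paramstyle layer (assumed behaviour)."""
    return fmt_sql % (("?",) * len(values))

def run_report(sql, args, rows):
    """Run the report against an in-memory table holding the constructed rows."""
    fmt_sql, values = sub_vars(sql, args)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ticket (id INTEGER, summary TEXT, owner TEXT)")
    db.executemany("INSERT INTO ticket VALUES (?, ?, ?)", rows)
    return [r[0] for r in db.execute(to_qmark(fmt_sql, values), values)]

# Constructed sample report and data.
REPORT = ("SELECT id FROM ticket WHERE summary LIKE '%$PARAM%' "
          "AND owner = $USER AND summary NOT LIKE '%[wip]%' ORDER BY id")
ROWS = [(1, "crash on login", "jonas"), (2, "crash [wip] in report", "jonas"),
        (3, "typo in docs", "jonas"), (4, "crash at 100% load", "anna")]

if __name__ == "__main__":
    print(sub_vars(REPORT, {"PARAM": "crash", "USER": "jonas"}))
    print(run_report(REPORT, {"PARAM": "crash", "USER": "jonas"}, ROWS))
```

Passing the unescaped `REPORT` straight to `to_qmark` raises a formatting error on the first `%`, which is the failure the ticket's escaping avoids.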
