Hello guys,

I've been working with ASF in my job and we noticed that the adapter is not quoting strings properly.

Right now when quoting a string the adapter relies on the default implementation of the quote method, replacing a single quote with two single quotes -- although the SF API expects quotes to be escaped with a backslash (as described in http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_calls_soql_select.htm).

The result is an invalid SF API call for any query with single quotes, like Model.find(:first, :conditions => ['some field = ?', "here's a quote"]).

To fix it we added one line to escape strings in SalesForceAdapter (asf_adapter.rb, line 162):

    def quote(value, column = nil)
      case value
      when NilClass then quoted_value = "NULL"
      when TrueClass then quoted_value = "TRUE"
      when FalseClass then quoted_value = "FALSE"
      when Float, Fixnum, Bignum then quoted_value = "'#{value.to_s}'"
      # Double each backslash first, then put a backslash before each single quote.
      when String then quoted_value = "'#{value.gsub(/\\/, '\&\&').gsub(/'/, "\\\\'")}'"
      else quoted_value = super(value, column)
      end
      quoted_value
    end

And then the adapter started to behave weirdly when inserting/updating data, because it uses SQL queries to extract attributes and values and those queries are now escaped in a different way.

Since we're already on a hacked asf_adapter and without much time left for playing with ASF I just added a quick hack to undo the escaping in those methods, right before extracting the values from the query (also in asf_adapter, lines 390 and 413):

    values.gsub!(/\\'/, "''")

Thank you,
Pedro Belo
Bitscribe
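
The backslash escaping and the undo step described in the post above, as an added example that is not ASF code and not part of the original message. `soql_quote`, `soql_unquote` and `legacy_undo` are hypothetical names, only the backslash and single-quote escapes are handled, and the sample values are constructed; it decodes a literal in a single pass and shows what the regex-based undo produces for a value that ends in a backslash.

```ruby
# Added example: soql_quote, soql_unquote and legacy_undo are hypothetical
# names, not ASF methods. Only the backslash and single-quote escapes from
# the post are handled.

# Escape backslashes first, then quotes, so the backslash added for a quote
# is not doubled by the backslash pass.
def soql_quote(value)
  escaped = value.gsub("\\") { "\\\\" }.gsub("'") { "\\'" }
  "'#{escaped}'"
end

# Inverse of soql_quote: walk the literal once so that an escaped backslash
# is never mistaken for the start of an escaped quote.
def soql_unquote(literal)
  unless literal.length >= 2 && literal.start_with?("'") && literal.end_with?("'")
    raise ArgumentError, "not a quoted literal"
  end
  body = literal[1..-2]
  out = String.new
  i = 0
  while i < body.length
    ch = body[i]
    if ch == "\\"
      raise ArgumentError, "dangling backslash" if i + 1 >= body.length
      out << body[i + 1]
      i += 2
    elsif ch == "'"
      raise ArgumentError, "unescaped quote inside literal"
    else
      out << ch
      i += 1
    end
  end
  out
end

# The regex undo step from the post, kept for comparison.
def legacy_undo(literal)
  literal.gsub(/\\'/, "''")
end

# Constructed sample values: a quote, a trailing backslash, and both.
SAMPLES = ["here's a quote", "C:\\", "it's in C:\\"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    lit = soql_quote(s)
    puts "#{s.inspect} -> #{lit} | round trip ok: #{soql_unquote(lit) == s} | legacy: #{legacy_undo(lit)}"
  end
end
```

For the value `C:\` the regex pairs the second backslash with the closing delimiter, so the rewritten literal no longer ends where the original did, while the single-pass decoder returns the original value.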