Fix SQL error when passing invalid value to "Related to" filter (#38301).

git-svn-id: https://svn.redmine.org/redmine/trunk@22256 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-01-31 19:47:14 +00:00 · 2023-06-21 06:05:09 +00:00 · 2023-06-21 06:05:09 +00:00 · f500357ba2
commit f500357ba2
parent 828439338f
2 changed files with 16 additions and 8 deletions
--- a/app/models/issue_query.rb
+++ b/app/models/issue_query.rb
@ -725,7 +725,6 @@ class IssueQuery < Query
      relation_type = relation_options[:reverse] || relation_type
      join_column, target_join_column = target_join_column, join_column
    end
-    ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq
    sql =
      case operator
      when "*", "!*"
@ -736,13 +735,18 @@ class IssueQuery < Query
             " WHERE #{IssueRelation.table_name}.relation_type =" \
                  " '#{self.class.connection.quote_string(relation_type)}')"
      when "=", "!"
-        op = (operator == "=" ? 'IN' : 'NOT IN')
-        "#{Issue.table_name}.id #{op}" \
-         " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \
-           " FROM #{IssueRelation.table_name}" \
-             " WHERE #{IssueRelation.table_name}.relation_type =" \
-                  " '#{self.class.connection.quote_string(relation_type)}'" \
-               " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))"
+        ids = value.first.to_s.scan(/\d+/).map(&:to_i).uniq
+        if ids.present?
+          op = (operator == "=" ? 'IN' : 'NOT IN')
+          "#{Issue.table_name}.id #{op}" \
+           " (SELECT DISTINCT #{IssueRelation.table_name}.#{join_column}" \
+             " FROM #{IssueRelation.table_name}" \
+               " WHERE #{IssueRelation.table_name}.relation_type =" \
+                    " '#{self.class.connection.quote_string(relation_type)}'" \
+                 " AND #{IssueRelation.table_name}.#{target_join_column} IN (#{ids.join(",")}))"
+        else
+          "1=0"
+        end
      when "=p", "=!p", "!p"
        op = (operator == "!p" ? 'NOT IN' : 'IN')
        comp = (operator == "=!p" ? '<>' : '=')
--- a/test/unit/query_test.rb
+++ b/test/unit/query_test.rb
@ -1650,6 +1650,10 @@ class QueryTest < ActiveSupport::TestCase
    query.filters = {"relates" => {:operator => '=', :values => ['1,2']}}
    assert_equal [1, 2, 3], find_issues_with_query(query).map(&:id).sort

+    query = IssueQuery.new(:name => '_')
+    query.filters = {"relates" => {:operator => '=', :values => ['invalid']}}
+    assert_equal [], find_issues_with_query(query).map(&:id)
+
    query = IssueQuery.new(:name => '_')
    query.filters = {"relates" => {:operator => '!', :values => ['1']}}
    assert_equal Issue.where.not(:id => [2, 3]).order(:id).ids, find_issues_with_query(query).map(&:id).sort