Escape user SQL for attribute filtering. Not sure why this wasn't failing before or when it started failing, but this definitely fixes it. Signed-off-by: Steve Howard <showard@google.com> git-svn-id: http://test.kernel.org/svn/autotest/trunk@3099 592f7852-d20e-0410-864c-8624ca9c26a4

commit: 93caf2db100d658dced67f8056c8397b84939318 [log] [tgz]
author: showard <showard@592f7852-d20e-0410-864c-8624ca9c26a4> Fri May 08 18:24:22 2009 +0000
committer: showard <showard@592f7852-d20e-0410-864c-8624ca9c26a4> Fri May 08 18:24:22 2009 +0000
tree: c0d8112425449b6df80f7c2c8e009c0d84c5c419
parent: 597bfd3aa52f467942dc181d1dcb4223644c2f7f [diff] [blame]
diff --git a/new_tko/tko/models.py b/new_tko/tko/models.py
index 36f1548..5affa38 100644
--- a/new_tko/tko/models.py
+++ b/new_tko/tko/models.py

@@ -287,6 +287,7 @@
 
     def _add_attribute_join(self, query_set, join_condition='', suffix=None,
                             exclude=False):
+        join_condition = self.escape_user_sql(join_condition)
         if suffix is None:
             suffix = self._get_include_exclude_suffix(exclude)
         return self.add_join(query_set, 'test_attributes',
commit	93caf2db100d658dced67f8056c8397b84939318	[log] [tgz]
author	showard <showard@592f7852-d20e-0410-864c-8624ca9c26a4>	Fri May 08 18:24:22 2009 +0000
committer	showard <showard@592f7852-d20e-0410-864c-8624ca9c26a4>	Fri May 08 18:24:22 2009 +0000
tree	c0d8112425449b6df80f7c2c8e009c0d84c5c419
parent	597bfd3aa52f467942dc181d1dcb4223644c2f7f [diff] [blame]