Escape user SQL for attribute filtering. Not sure why this wasn't failing before or when it started failing, but this definitely fixes it.
Signed-off-by: Steve Howard <showard@google.com>
git-svn-id: http://test.kernel.org/svn/autotest/trunk@3099 592f7852-d20e-0410-864c-8624ca9c26a4
diff --git a/new_tko/tko/models.py b/new_tko/tko/models.py
index 36f1548..5affa38 100644
--- a/new_tko/tko/models.py
+++ b/new_tko/tko/models.py
@@ -287,6 +287,7 @@
def _add_attribute_join(self, query_set, join_condition='', suffix=None,
exclude=False):
+ join_condition = self.escape_user_sql(join_condition)
if suffix is None:
suffix = self._get_include_exclude_suffix(exclude)
return self.add_join(query_set, 'test_attributes',