Handle unsafe expressions when using startswith/endswith/contains with unsafe expressions. Closes #58

2010-07-26 16:42:10 +02:00 · 2010-07-26 16:42:10 +02:00 · 7ab2e21c10
commit 7ab2e21c10
parent 2f991ac6f1
2 changed files with 10 additions and 0 deletions
--- a/mongoengine/fields.py
+++ b/mongoengine/fields.py
@ -66,6 +66,9 @@ class StringField(BaseField):
                regex = r'%s$'
            elif op == 'exact':
                regex = r'^%s$'
+            
+            # escape unsafe characters which could lead to a re.error
+            value = re.escape(value)
            value = re.compile(regex % value, flags)
        return value

--- a/tests/queryset.py
+++ b/tests/queryset.py
@ -288,6 +288,13 @@ class QuerySetTest(unittest.TestCase):
        self.assertEqual(obj, person)
        obj = self.Person.objects(Q(name__iexact='gUIDO VAN rOSSU')).first()
        self.assertEqual(obj, None)
+        
+        # Test unsafe expressions
+        person = self.Person(name='Guido van Rossum [.\'Geek\']')
+        person.save()
+
+        obj = self.Person.objects(Q(name__icontains='[.\'Geek')).first()
+        self.assertEqual(obj, person)

    def test_filter_chaining(self):
        """Ensure filters can be chained together.