From 7d48737fa711e425540763dcaa91f78f882de46b Mon Sep 17 00:00:00 2001 From: friflaj Date: Sun, 5 Sep 2010 00:38:15 +0200 Subject: [PATCH] Parameter auto-quoting --- features/step_definitions/_given_steps.rb | 16 ++++++++-------- features/step_definitions/_then_steps.rb | 10 +++++----- features/step_definitions/_when_steps.rb | 12 ++++++------ 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/features/step_definitions/_given_steps.rb b/features/step_definitions/_given_steps.rb index e56230548e..dc23608afe 100644 --- a/features/step_definitions/_given_steps.rb +++ b/features/step_definitions/_given_steps.rb @@ -42,13 +42,13 @@ Given /^I am viewing the master backlog$/ do end Given /^I am viewing the burndown for (.+)$/ do |sprint_name| - @sprint = Sprint.find(:first, :conditions => "name='#{sprint_name}'") + @sprint = Sprint.find(:first, :conditions => ["name=?", sprint_name]) visit url_for(:controller => :rb_burndown_charts, :action => :show, :id => @sprint.id) page.driver.response.status.should == 200 end Given /^I am viewing the taskboard for (.+)$/ do |sprint_name| - @sprint = Sprint.find(:first, :conditions => "name='#{sprint_name}'") + @sprint = Sprint.find(:first, :conditions => ["name=?", sprint_name]) visit url_for(:controller => :rb_taskboards, :action => :show, :id => @sprint.id) page.driver.response.status.should == 200 end @@ -56,10 +56,10 @@ end Given /^I set the (.+) of the story to (.+)$/ do |attribute, value| if attribute=="tracker" attribute="tracker_id" - value = Tracker.find(:first, :conditions => "name='#{value}'").id + value = Tracker.find(:first, :conditions => ["name=?", value]).id elsif attribute=="status" attribute="status_id" - value = IssueStatus.find(:first, :conditions => "name='#{value}'").id + value = IssueStatus.find(:first, :conditions => ["name=?", value]).id end @story_params[attribute] = value end @@ -74,7 +74,7 @@ Given /^I want to create a story$/ do end Given /^I want to create a task for (.+)$/ do |story_subject| - story = Story.find(:first, :conditions => "subject='#{story_subject}'") + story = Story.find(:first, :conditions => ["subject=?", story_subject]) @task_params = initialize_task_params(story.id) end @@ -96,7 +96,7 @@ Given /^I want to edit the impediment named (.+)$/ do |impediment_subject| end Given /^I want to edit the sprint named (.+)$/ do |name| - sprint = Sprint.find(:first, :conditions => "name='#{name}'") + sprint = Sprint.find(:first, :conditions => ["name=?", name]) sprint.should_not be_nil @sprint_params = HashWithIndifferentAccess.new(sprint.attributes) end @@ -117,7 +117,7 @@ Given /^I want to set the (.+) of the impediment to (.+)$/ do |attribute, value| end Given /^I want to edit the story with subject (.+)$/ do |subject| - @story = Story.find(:first, :conditions => "subject='#{subject}'") + @story = Story.find(:first, :conditions => ["subject=?", subject]) @story.should_not be_nil @story_params = HashWithIndifferentAccess.new(@story.attributes) end @@ -174,7 +174,7 @@ Given /^the project has the following stories in the following sprints:$/ do |ta params = initialize_story_params params['subject'] = story['subject'] params['prev_id'] = prev_id - params['fixed_version_id'] = (Sprint.find(:first, :conditions => "name='#{story['sprint']}'") || Sprint.new).id + params['fixed_version_id'] = (Sprint.find(:first, :conditions => ["name=?", story['sprint']]) || Sprint.new).id # NOTE: We're bypassing the controller here because we're just # setting up the database for the actual tests. The actual tests, diff --git a/features/step_definitions/_then_steps.rb b/features/step_definitions/_then_steps.rb index f2bc715e0c..1f4eab6569 100755 --- a/features/step_definitions/_then_steps.rb +++ b/features/step_definitions/_then_steps.rb @@ -26,7 +26,7 @@ Then /^I should see the product backlog$/ do end Then /^show me the list of sprints$/ do - sprints = Sprint.find(:all, :conditions => "project_id=#{@project.id}") + sprints = Sprint.find(:all, :conditions => ["project_id=?", @project.id]) puts "\n" puts "\t| #{'id'.ljust(3)} | #{'name'.ljust(18)} | #{'sprint_start_date'.ljust(18)} | #{'effective_date'.ljust(18)} | #{'updated_on'.ljust(20)}" @@ -69,17 +69,17 @@ Then /^the request should fail$/ do end Then /^the (\d+)(?:st|nd|rd|th) story should be (.+)$/ do |position, subject| - story = Story.find(:first, :conditions => "position=#{position}") + story = Story.find(:first, :conditions => ["position=?", position]) story.should_not be_nil story.subject.should == subject end Then /^the (\d+)(?:st|nd|rd|th) position should be unique$/ do |position| - Story.find(:all, :conditions => "position=#{position}").length.should == 1 + Story.find(:all, :conditions => ["position=?", position]).length.should == 1 end Then /^the (\d+)(?:st|nd|rd|th) task for (.+) should be (.+)$/ do |position, story_subject, task_subject| - story = Story.find(:first, :conditions => "subject='#{story_subject}'") + story = Story.find(:first, :conditions => ["subject=?", story_subject]) story.children[position.to_i - 1].subject.should == task_subject end @@ -135,7 +135,7 @@ Then /^the story should have a (.+) of (.+)$/ do |attribute, value| @story.reload if attribute=="tracker" attribute="tracker_id" - value = Tracker.find(:first, :conditions => "name='#{value}'").id + value = Tracker.find(:first, :conditions => ["name=?", value]).id elsif attribute=="position" value = value.to_i end diff --git a/features/step_definitions/_when_steps.rb b/features/step_definitions/_when_steps.rb index 21df5613e7..4a1976af8f 100644 --- a/features/step_definitions/_when_steps.rb +++ b/features/step_definitions/_when_steps.rb @@ -17,8 +17,8 @@ When /^I create the task$/ do end When /^I move the story named (.+) below (.+)$/ do |story_subject, prev_subject| - story = Story.find(:first, :conditions => "subject='#{story_subject}'") - prev = Story.find(:first, :conditions => "subject='#{prev_subject}'") + story = Story.find(:first, :conditions => ["subject=?", story_subject]) + prev = Story.find(:first, :conditions => ["subject=?", prev_subject]) attributes = story.attributes attributes[:prev] = prev.id @@ -31,15 +31,15 @@ end When /^I move the story named (.+) (up|down) to the (\d+)(?:st|nd|rd|th) position of the sprint named (.+)$/ do |story_subject, direction, position, sprint_name| position = position.to_i - story = Story.find(:first, :conditions => "subject='#{story_subject}'") - sprint = Sprint.find(:first, :conditions => "name='#{sprint_name}'") + story = Story.find(:first, :conditions => ["subject=?", story_subject]) + sprint = Sprint.find(:first, :conditions => ["name=?", sprint_name]) story.fixed_version = sprint attributes = story.attributes attributes[:prev] = if position == 1 '' else - stories = Story.find(:all, :conditions => "fixed_version_id=#{sprint.id} AND tracker_id IN (#{Story.trackers.join(',')})", :order => "position ASC") + stories = Story.find(:all, :conditions => ["fixed_version_id=? AND tracker_id IN (?)", sprint.id, Story.trackers], :order => "position ASC") raise "You indicated an invalid position (#{position}) in a sprint with #{stories.length} stories" if 0 > position or position > stories.length stories[position - (direction=="up" ? 2 : 1)].id end @@ -105,7 +105,7 @@ When /^I download the calendar feed$/ do end When /^I view the stories of (.+) in the issues tab/ do |sprint_name| - sprint = Sprint.find(:first, :conditions => "name='#{sprint_name}'") + sprint = Sprint.find(:first, :conditions => ["name=?", sprint_name]) visit url_for(:controller => :rb_queries, :action => :show, :id => sprint.project_id, :sprint_id => sprint.id) end