diff --git a/src/Umbraco.Core/Persistence/Repositories/ContentRepository.cs b/src/Umbraco.Core/Persistence/Repositories/ContentRepository.cs index 85e33d8c7f..42155d0baf 100644 --- a/src/Umbraco.Core/Persistence/Repositories/ContentRepository.cs +++ b/src/Umbraco.Core/Persistence/Repositories/ContentRepository.cs @@ -659,6 +659,12 @@ namespace Umbraco.Core.Persistence.Repositories var sql = translator.Translate() .Where(x => x.Newest); + // Apply filter + if (!string.IsNullOrEmpty(filter)) + { + sql = sql.Where("cmsDocument.text LIKE @0", "%" + filter + "%"); + } + // Apply order according to parameters if (!string.IsNullOrEmpty(orderBy)) { @@ -678,22 +684,9 @@ namespace Umbraco.Core.Persistence.Repositories // So we'll modify the SQL. var modifiedSQL = sql.SQL.Replace("SELECT *", "SELECT cmsDocument.nodeId"); - // HACK: the .Where(x => x.Newest) clause above is also being used in PerformGetQuery, so included here, - // but it doesn't look to do anything as the clause isn't added to the the generated SQL. - // So we'll add it here. - modifiedSQL = modifiedSQL.Replace("WHERE ", "WHERE Newest = 1 AND "); - - // HACK: Apply filter. Again, can't get expression based Where filter to be added to the generated SQL, - // so working with the raw string. Potential SQL injection here so, although escaped, should be modified. - if (!string.IsNullOrEmpty(filter)) - { - modifiedSQL = modifiedSQL.Replace("WHERE ", - string.Format("WHERE cmsDocument.text LIKE '%{0}%' AND ", filter.Replace("'", "''"))); - } - // Get page of results and total count IEnumerable result; - var pagedResult = Database.Page(pageNumber, pageSize, modifiedSQL); + var pagedResult = Database.Page(pageNumber, pageSize, modifiedSQL, sql.Arguments); totalRecords = Convert.ToInt32(pagedResult.TotalItems); if (totalRecords > 0) { diff --git a/src/Umbraco.Tests/Persistence/Repositories/ContentRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/ContentRepositoryTest.cs index 6903f6d983..26510f3b5d 100644 --- a/src/Umbraco.Tests/Persistence/Repositories/ContentRepositoryTest.cs +++ b/src/Umbraco.Tests/Persistence/Repositories/ContentRepositoryTest.cs @@ -374,6 +374,27 @@ namespace Umbraco.Tests.Persistence.Repositories } } + [Test] + public void Can_Perform_GetPagedResultsByQuery_WithSinglePage_On_ContentRepository() + { + // Arrange + var provider = new PetaPocoUnitOfWorkProvider(); + var unitOfWork = provider.GetUnitOfWork(); + ContentTypeRepository contentTypeRepository; + using (var repository = CreateRepository(unitOfWork, out contentTypeRepository)) + { + // Act + var query = Query.Builder.Where(x => x.Level == 2); + int totalRecords; + var result = repository.GetPagedResultsByQuery(query, 1, 2, out totalRecords, "Name", Direction.Ascending); + + // Assert + Assert.That(totalRecords, Is.GreaterThanOrEqualTo(2)); + Assert.That(result.Count(), Is.EqualTo(2)); + Assert.That(result.First().Name, Is.EqualTo("Text Page 1")); + } + } + [Test] public void Can_Perform_GetPagedResultsByQuery_WithDescendingOrder_On_ContentRepository() { @@ -396,7 +417,7 @@ namespace Umbraco.Tests.Persistence.Repositories } [Test] - public void Can_Perform_GetPagedResultsByQuery_WithFilter_On_ContentRepository() + public void Can_Perform_GetPagedResultsByQuery_WithFilterMatchingSome_On_ContentRepository() { // Arrange var provider = new PetaPocoUnitOfWorkProvider(); @@ -415,7 +436,28 @@ namespace Umbraco.Tests.Persistence.Repositories Assert.That(result.First().Name, Is.EqualTo("Text Page 2")); } } - + + [Test] + public void Can_Perform_GetPagedResultsByQuery_WithFilterMatchingAll_On_ContentRepository() + { + // Arrange + var provider = new PetaPocoUnitOfWorkProvider(); + var unitOfWork = provider.GetUnitOfWork(); + ContentTypeRepository contentTypeRepository; + using (var repository = CreateRepository(unitOfWork, out contentTypeRepository)) + { + // Act + var query = Query.Builder.Where(x => x.Level == 2); + int totalRecords; + var result = repository.GetPagedResultsByQuery(query, 1, 1, out totalRecords, "Name", Direction.Ascending, "Page"); + + // Assert + Assert.That(totalRecords, Is.EqualTo(2)); + Assert.That(result.Count(), Is.EqualTo(1)); + Assert.That(result.First().Name, Is.EqualTo("Text Page 1")); + } + } + [Test] public void Can_Perform_GetAll_By_Param_Ids_On_ContentRepository() {