Escaping single quotes before sending them to Salesforce.

Internet2-TSG · Feb 6, 2024 · a063a63 · a063a63
1 parent 114ad77
commit a063a63
Showing 2 changed files with 12 additions and 7 deletions.
diff --git a/lib/sf/contact.rb b/lib/sf/contact.rb
@@ -99,19 +99,19 @@ def sf_person_mapping
     end
 
     def compare_attr(sf_attrs, person_attr, sf_attr)
-      if person.respond_to?(person_attr)
-        person_value = person.send(person_attr)
-        sf_value = send(sf_attr)
-        sf_attrs[sf_attr] = person_value if person_value.present? && !person_value.eql?(sf_value)
-      end
+      return unless person.respond_to?(person_attr)
+
+      person_value = person.send(person_attr)
+      sf_value = send(sf_attr)
+      sf_attrs[sf_attr] = person_value if person_value.present? && !person_value.eql?(sf_value)
     end
 
     def self.find(id)
       new Sf.client.find('Contact', id)
     end
 
     def self.where(args = {})
-      where = args.map { |k, v| "#{k} = \'#{v}\'" }.join(' and ')
+      where = args.map { |k, v| "#{k} = \'#{escape_single_quote(v)}\'" }.join(' and ')
       sobjects = Sf.client.query("select #{FIELDS_SELECT_STR} from Contact where #{where}")
       sobjects.blank? ? [] : build_collection(sobjects)
     end
@@ -178,6 +178,11 @@ def self.active_functional_title_pick_list
       func_titles
     end
 
+    # SOSQL needs the single quote to be escaped.
+    def self.escape_single_quote(str)
+      str.to_s.gsub("'", "\\\\'")
+    end
+
     private
 
     def self.build_contacts(from, where)

diff --git a/lib/sf/version.rb b/lib/sf/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sf
-  VERSION = '0.1.76'
+  VERSION = '0.1.77'
 end