From a4c152feff1e3223a620212542f9217303dc8c2b Mon Sep 17 00:00:00 2001
From: Yoshinori Okuji <yo@nexedi.com>
Date: Fri, 21 Oct 2005 18:52:56 +0000
Subject: [PATCH] Use sql_quote only if the value_item is a string.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4105 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ZSQLCatalog/SQLCatalog.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/product/ZSQLCatalog/SQLCatalog.py b/product/ZSQLCatalog/SQLCatalog.py
index 7ce0d5f6c7..d5a49a26a9 100755
--- a/product/ZSQLCatalog/SQLCatalog.py
+++ b/product/ZSQLCatalog/SQLCatalog.py
@@ -1413,8 +1413,6 @@ class Catalog(Folder, Persistent, Acquisition.Implicit, ExtensionClass.Base):
               # We have to create an OR from tuple or list
               query_item = []
               for value_item in value:
-                # For security.
-                value_item = sql_quote(value_item)
                 if value_item != '':
                   # we consider empty string as Non Significant
                   # also for lists
@@ -1422,6 +1420,8 @@ class Catalog(Folder, Persistent, Acquisition.Implicit, ExtensionClass.Base):
                                           type(1991643034L)):
                     query_item += ["%s = %s" % (key, value_item)]
                   else:
+                    # For security.
+                    value_item = sql_quote(value_item)
                     if '%' in value_item:
                       query_item += ["%s LIKE '%s'" % (key, str(value_item))]
                     elif key in keyword_search_keys:
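Review bot: The moved `sql_quote` call now sits in the `else:` branch, so it runs for every value whose type is not in the numeric tuple, not only for strings as the subject line says, and the bare `# For security.` comment does not record that distinction. The `"%s = %s"` branch interpolates `value_item` unquoted, which holds only while the type tuple (it begins outside this hunk) lists exact numeric types; a comment there such as `# numeric types only: interpolated unquoted, never add string types to this tuple` would protect that invariant. For the quoted branch I would replace the comment with `# Escape quotes before embedding value_item in the '...' literals built below.` Since `sql_quote` itself is not visible here, it is worth confirming that it accepts non-string objects (the following `'%' in value_item` test needs a string) and that its escaping covers backslashes as well as quotes for the database backend in use. The enclosing method starts and ends outside the hunk.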
-- 
2.30.9