ref #4311 fix single quote escape in collectorTitle updater
authorAndreas Müller <a.mueller@bgbm.org>
Thu, 15 Jul 2021 14:09:10 +0000 (16:09 +0200)
committerAndreas Müller <a.mueller@bgbm.org>
Thu, 15 Jul 2021 14:09:10 +0000 (16:09 +0200)
cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/database/update/v523_525/CollectorTitleUpdater.java

index b330c61235c9f74c0d324709aa42c5cbc10cbb8d..63112da0d6ad16ff468d3bac0db89c9cc849f294 100644 (file)
@@ -82,6 +82,7 @@ public class CollectorTitleUpdater extends SchemaUpdaterStepBase {
                     }
                     rs2.close();
                     String collectorTitleCache = TeamDefaultCacheStrategy.INSTANCE().getCollectorTitleCache(team);
+                    collectorTitleCache = escapeSingleQuote(collectorTitleCache);
                     sql = " UPDATE @@AgentBase@@ SET collectorTitleCache = '" + collectorTitleCache + "' WHERE id = " + id;
                     datasource.executeUpdate(caseType.replaceTableNames(sql));
                 }
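Review bot: Doubling `'` just before the `UPDATE` string is built does not make the concatenation on the following line safe on every backend. A database that treats backslash as an escape character inside string literals (MySQL in its default SQL mode) can still misparse a title containing `\`, and the cache value is derived from stored agent data rather than a constant. Binding the value removes the need for escaping altogether, e.g. `UPDATE @@AgentBase@@ SET collectorTitleCache = ? WHERE id = ?` run through a `PreparedStatement`, assuming this updater step can obtain a connection from the data source. If string building has to stay, the assignment should carry a comment such as `// escaped for standard SQL quote doubling only; backslash-escaping dialects are not covered`. The enclosing loop and method begin outside this hunk.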
@@ -92,6 +93,10 @@ public class CollectorTitleUpdater extends SchemaUpdaterStepBase {
         }
     }
 
+    protected String escapeSingleQuote(String str) {
+        return str == null? null : str.replace("'", "''");
+    }
+
     private Person handlePerson(ResultSet rs, ICdmDataSource datasource, CaseType caseType) throws SQLException {
         //set collectorTitle
         int id = rs.getInt("id");
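Review bot: `escapeSingleQuote` passes `null` through, and the caller in the first hunk concatenates the result into `'" + collectorTitleCache + "'`, so a null cache would be stored as the literal text `null` rather than SQL NULL. Whether `getCollectorTitleCache` can return null is not visible here. The caller should either emit `collectorTitleCache = NULL` for that case or the helper should deliberately return `""`. The helper reads no instance state and has no Javadoc, so `private static String escapeSingleQuote(String str)` with a one-line doc saying it only doubles single quotes for use inside a SQL string literal would make its limits clear. `protected` may be intended for subclasses that are not shown.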