libtracker-sparql: Escape single quotes

According to https://www.w3.org/TR/sparql11-query/#grammarEscapes,
double and single quotes may be escaped regardless of the type of
string literal we are dealing with.

We should make tracker_sparql_escape_string() match accordingly.

Related: https://gitlab.gnome.org/GNOME/nautilus/issues/163
         https://gitlab.gnome.org/GNOME/nautilus/merge_requests/456

2 files changed, 5 insertions, 1 deletions

diff --git a/src/libtracker-sparql/tracker-utils.vala b/src/libtracker-sparql/tracker-utils.vala
index 32aac9a8f..a4664abf0 100644
--- a/src/libtracker-sparql/tracker-utils.vala
+++ b/src/libtracker-sparql/tracker-utils.vala
@@ -56,7 +56,7 @@ namespace Tracker.Sparql {
 		char *p = (char*) literal;
 
 		while (*p != '\0') {
-			size_t len = Posix.strcspn ((string) p, "\t\n\r\b\f\"\\");
+			size_t len = Posix.strcspn ((string) p, "\t\n\r\b\f\'\"\\");
 			str.append_len ((string) p, (long) len);
 			p += len;
 
@@ -76,6 +76,9 @@ namespace Tracker.Sparql {
 			case '\f':
 				str.append ("\\f");
 				break;
+			case '\'':
+				str.append ("\\'");
+				break;
 			case '"':
 				str.append ("\\\"");
 				break;
diff --git a/tests/libtracker-sparql/tracker-sparql-test.c b/tests/libtracker-sparql/tracker-sparql-test.c
index de371feb5..3b60d18be 100644
--- a/tests/libtracker-sparql/tracker-sparql-test.c
+++ b/tests/libtracker-sparql/tracker-sparql-test.c
@@ -32,6 +32,7 @@ typedef struct {
 
 ESCAPE_TEST_DATA test_data []  = {
 	{ "SELECT \"a\"", "SELECT \\\"a\\\"" },
+	{ "SELECT \'a\'", "SELECT \\\'a\\\'" },
 	{ "SELECT ?u \t \n \r \b \f", "SELECT ?u \\t \\n \\r \\b \\f" },
 	{ NULL, NULL }
 };