From 0a4ea6861a05703ad3490243cf404de90ad9f712 Mon Sep 17 00:00:00 2001
From: Bernd Bestel <bernd@berrnd.de>
Date: Thu, 16 May 2019 22:20:01 +0200
Subject: [PATCH] Fixed quotes were not escaped properly for contains search in
 dropdowns (fixes #249)

---
 public/viewjs/components/productpicker.js | 4 ++--
 public/viewjs/components/userpicker.js    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/public/viewjs/components/productpicker.js b/public/viewjs/components/productpicker.js
index 4a72739b..284ef760 100644
--- a/public/viewjs/components/productpicker.js
+++ b/public/viewjs/components/productpicker.js
@@ -70,7 +70,7 @@ if (!prefillProduct2.isEmpty())
 }
 if (typeof prefillProduct !== "undefined")
 {
-	var possibleOptionElement = $("#product_id option[data-additional-searchdata*='" + prefillProduct + "']").first();
+	var possibleOptionElement = $("#product_id option[data-additional-searchdata*='" + prefillProduct.replace("'", "\\'") + "']").first();
 	if (possibleOptionElement.length === 0)
 	{
 		possibleOptionElement = $("#product_id option:contains('" + prefillProduct + "')").first();
@@ -120,7 +120,7 @@ $('#product_id_text_input').on('blur', function(e)
 	}
 
 	var input = $('#product_id_text_input').val().toString();
-	var possibleOptionElement = $("#product_id option[data-additional-searchdata*='" + input + "']").first();
+	var possibleOptionElement = $("#product_id option[data-additional-searchdata*='" + input.replace("'", "\\'") + "']").first();
 	
 	if (GetUriParam('addbarcodetoselection') === undefined && possibleOptionElement.length > 0)
 	{
diff --git a/public/viewjs/components/userpicker.js b/public/viewjs/components/userpicker.js
index 5fdeb997..b4c2a20e 100644
--- a/public/viewjs/components/userpicker.js
+++ b/public/viewjs/components/userpicker.js
@@ -42,7 +42,7 @@ $('.user-combobox').combobox({
 var prefillUser = Grocy.Components.UserPicker.GetPicker().parent().data('prefill-by-username').toString();
 if (typeof prefillUser !== "undefined")
 {
-	var possibleOptionElement = $("#user_id option[data-additional-searchdata*='" + prefillUser + "']").first();
+	var possibleOptionElement = $("#user_id option[data-additional-searchdata*='" + prefillUser.replace("'", "\\'") + "']").first();
 	if (possibleOptionElement.length === 0)
 	{
 		possibleOptionElement = $("#user_id option:contains('" + prefillUser + "')").first();