From 98ff62f2df01366777fda9b4dbe7586b0cd45252 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Mon, 19 Jul 2021 10:24:33 +0200
Subject: [PATCH] Fix ' when using JCR query based on MessageFormat.

---
 org.argeo.jcr/src/org/argeo/jcr/Jcr.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/org.argeo.jcr/src/org/argeo/jcr/Jcr.java b/org.argeo.jcr/src/org/argeo/jcr/Jcr.java
index 31077737e..72e325d35 100644
--- a/org.argeo.jcr/src/org/argeo/jcr/Jcr.java
+++ b/org.argeo.jcr/src/org/argeo/jcr/Jcr.java
@@ -902,6 +902,8 @@ public class Jcr {
 	// QUERY
 	/** Creates a JCR-SQL2 query using {@link MessageFormat}. */
 	public static Query createQuery(QueryManager qm, String sql, Object... args) {
+		// fix single quotes
+		sql = sql.replaceAll("'", "''");
 		String query = MessageFormat.format(sql, args);
 		try {
 			return qm.createQuery(query, Query.JCR_SQL2);
-- 
2.30.2