CodeCow/chatwoot
1
0
Fork 0
mirror of https://github.com/chatwoot/chatwoot.git synced 2026-06-13 21:01:16 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
7331b0a98d
chatwoot/lib
History
Shivam Mishra 67112647e8
fix: escape special characters in Linear GraphQL queries (#13490) 
Creating a Linear issue from Chatwoot fails with a GraphQL parse error
when the title, description, or search term contains double quotes. For
example, a description like `the sender is "Bot"` produces this broken
query:

```graphql
issueCreate(input: { description: "the sender is "Bot"" })
```

Linear's API rejects this with `Syntax Error: Expected ":", found
String`. This affects issue creation, issue linking, and issue search —
any flow where user-provided text is interpolated into a GraphQL query.

The `graphql_value` helper was only escaping newlines (`\n`) but not
quotes, backslashes, or other characters that are meaningful inside a
GraphQL string literal. On top of that, `issue_link` and `search_issue`
bypassed `graphql_value` entirely, using raw string interpolation
instead.

The fix replaces the manual `gsub` escaping with Ruby's `to_json`, which
produces a properly escaped, double-quoted string that handles all
special characters. This is a minimal, well-understood substitution —
`to_json` on a Ruby string returns a valid JSON string literal, which is
also a valid GraphQL string literal since GraphQL uses the same escaping
rules. The `issue_link` mutation and `search_issue` query are updated to
route their parameters through `graphql_value` instead of raw
interpolation.

The `team_entities_query` and `linked_issues` methods in `queries.rb`
also use raw interpolation, but their inputs are system-generated IDs
and URLs rather than user-provided text, so they're left as-is to keep
this change focused.
2026-02-09 16:18:04 +05:30
..
action_view/template/handlers feat: Customisable Email Templates (#1095) 2020-08-06 15:21:06 +05:30
assets Initial Commit 2019-08-14 15:18:44 +05:30
captain feat: search documentation tool for reply suggestions (#13340) 2026-01-30 16:18:33 +05:30
custom_exceptions fix: PDF errors not loading in CI (#13236) 2026-01-12 15:22:15 +05:30
events feat: Add support for realtime-events in copilot-threads and copilot-messages (#11557) 2025-05-22 22:25:05 -07:00
filters fix: country_code should be checked against the contact (#13186) 2026-01-13 14:47:27 +05:30
integrations feat: search documentation tool for reply suggestions (#13340) 2026-01-30 16:18:33 +05:30
linear fix: escape special characters in Linear GraphQL queries (#13490) 2026-02-09 16:18:04 +05:30
llm feat: new Captain Editor (#13235) 2026-01-21 13:39:07 +05:30
redis feat: add per-account daily rate limit for outbound emails (#13411) 2026-02-03 02:06:51 +05:30
seeders Revert "chore: Upgrade Rails to 7.2.2 and update Gemfile dependencies (#11037)" 2026-02-03 21:09:42 -08:00
tasks feat: add cron job to remove orphan conversations (#13335) 2026-01-28 19:25:20 +05:30
test_data chore: Generate test data for bulk insertion (#11229) 2025-05-06 11:13:11 +05:30
webhooks feat: Customizable webhook timeout configuration (#12777) 2025-11-17 14:43:23 -08:00
base_markdown_renderer.rb feat: support image height in markdown rendering of messages (#8177) 2023-11-02 13:51:54 -07:00
chatwoot_app.rb feat: search documentation tool for reply suggestions (#13340) 2026-01-30 16:18:33 +05:30
chatwoot_captcha.rb feat: Add hCaptcha for public forms (#4017) 2022-02-18 20:02:50 +05:30
chatwoot_exception_tracker.rb fix: modify exception tracker to log even if sentry configured (#7563) 2023-07-21 11:58:49 +03:00
chatwoot_hub.rb chore: Add submenu for super admin settings (#11860) 2025-07-15 21:28:39 -07:00
chatwoot_markdown_renderer.rb feat: Standardize rich editor across all channels (#12600) 2025-12-08 14:43:45 +05:30
config_loader.rb chore: Add display manifest to whitelabel settings (#8708) 2024-01-16 09:50:23 +04:00
current.rb Automation enhancement (#4087) 2022-03-21 13:12:27 +05:30
custom_markdown_renderer.rb feat: move embedding config to a yaml file (#11611) 2025-05-30 16:26:40 +05:30
dyte.rb feat: Upgrade Dyte apis to v2 (#10706) 2025-02-19 14:47:48 -08:00
exception_list.rb Fix: prevent IMAPBadResponse exception from sending the authorization mail (#7154) 2023-05-22 13:51:56 +05:30
global_config_service.rb feat: move Slack config to installation settings (#11548) 2025-05-23 01:07:35 -07:00
global_config.rb chore: Add display manifest to whitelabel settings (#8708) 2024-01-16 09:50:23 +04:00
limits.rb feat: Advanced Search Backend (#12917) 2026-01-07 15:30:49 +05:30
linear.rb feat: Add user attribution to Linear integration with actor authorization (#11774) 2025-07-01 16:49:26 +05:30
llm_constants.rb feat: legacy features to ruby llm (#12994) 2025-12-11 14:17:28 +05:30
microsoft_graph_auth.rb Revert "feat: Support Azure single-tenant application using the Graph… (#7436) 2023-06-29 16:50:18 -07:00
online_status_tracker.rb fix: Get online status from db when not present in cache [CW-3233] (#9477) 2024-05-15 21:23:19 -07:00
opentelemetry_config.rb feat: Add support for Langfuse LLM Tracing via OTEL (#12905) 2025-11-21 16:31:45 -08:00
regex_helper.rb fix: Escape closing bracket in mention regex (#11877) 2025-07-04 10:35:11 +05:30
test_data.rb chore: Generate test data for bulk insertion (#11229) 2025-05-06 11:13:11 +05:30
url_helper.rb fix: Referer URL validation (#4309) 2022-03-30 14:36:22 +05:30
vapid_service.rb chore: Switch to web-push gem (#6390) 2023-02-03 18:55:22 +05:30