Comment 2 for bug 1807784

James Fournie (jfournie) wrote :

Hi! The problem is here:

https://github.com/evergreen-library-system/Evergreen/blob/21ca1e6/Open-ILS/src/perlmods/lib/OpenILS/Application/Booking.pm#L351

AND:

https://github.com/evergreen-library-system/Evergreen/blob/21ca1e6/Open-ILS/src/perlmods/lib/OpenILS/Application/Booking.pm#L552

Specifically the bits like this doing some fancy dollar quoting:

        $query->{having}->{'+bram'}->{value}->{'@>'} = {
            transform => 'array_accum',
            value => '$_' . $$ . '${' .
                join(',', @{$filters->{attribute_values}}) .
                '}$_' . $$ . '$'
        };

$$ outputs the Perl PID. This takes the attribute values and wraps them in $_PID${ ARRAY }$_PID$. So, for example: $_29814${1,3}$_29814$

It looks like the intent was to use dollar quoting for escaping things; however, the resulting query will be additionally quoted with single quotes, like '$_29814${1,3}$_29814$', and PostgreSQL doesn't like this.

I'm not certain of the intent of this quoting. I suspect either this has never worked, or the quoting for cstore used to be different, or PostgreSQL used to allow dollar quotes inside single quotes.
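
The quoting problem described in the comment above, as an added example that is not part of the original comment or of Evergreen's code. The helpers `sql_quote`, `looks_like_array_literal` and `int_array_literal` are hypothetical, the sample attribute values are constructed, and the single-quote wrapping is modelled as an assumption from the comment's description.

```perl
use strict;
use warnings;

# Constructed sample input; in Booking.pm this is $filters->{attribute_values}.
my @attribute_values = (1, 3);

# The value as the code on this page builds it: a dollar-quoted string whose
# tag is "_" followed by the Perl process ID ($$).
my $dollar_quoted =
    '$_' . $$ . '${' . join(',', @attribute_values) . '}$_' . $$ . '$';

# Assumption: the query layer wraps every string value in single quotes,
# doubling any embedded single quote, as the comment describes.
sub sql_quote {
    my ($s) = @_;
    $s =~ s/'/''/g;
    return "'$s'";
}

# PostgreSQL requires the text of an array literal to start with "{" or with
# dimension information such as "[1:2]=". This is a simplified check.
sub looks_like_array_literal {
    my ($s) = @_;
    return $s =~ /\A\s*[\[{]/ ? 1 : 0;
}

# Hypothetical alternative: accept only integers and emit a plain array
# literal, leaving all quoting to the query layer.
sub int_array_literal {
    my @vals = @_;
    for my $v (@vals) {
        die "attribute value is not an integer\n"
            unless defined $v && $v =~ /\A-?\d+\z/;
    }
    return '{' . join(',', @vals) . '}';
}

# Once single-quoted, the dollar-quote delimiters are ordinary characters
# inside the string, so its text no longer starts with "{".
for my $value ($dollar_quoted, int_array_literal(@attribute_values)) {
    printf "%-26s sent as %-28s array literal: %s\n",
        $value, sql_quote($value),
        looks_like_array_literal($value) ? 'yes' : 'no';
}
```

The first row reports `no` and the second `yes`; the PID in the first row varies from run to run.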