From 255ce17474fb2d59f09745731391fed0e16344d5 Mon Sep 17 00:00:00 2001
From: Threated
Date: Thu, 5 Jan 2023 19:19:38 +0100
Subject: [PATCH 1/3] Fixed string escape and added tests
---
 redis/commands/helpers.py | 1 +
 tests/test_graph.py | 2 +-
 tests/test_helpers.py | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/redis/commands/helpers.py b/redis/commands/helpers.py
index 6989ab59fa..b65cd1a933 100644
--- a/redis/commands/helpers.py
+++ b/redis/commands/helpers.py
@@ -115,6 +115,7 @@ def quote_string(v):
 if len(v) == 0:
 return '""'
+ v = v.replace("\\", "\\\\")
 v = v.replace('"', '\\"')
 return f'"{v}"'
diff --git a/tests/test_graph.py b/tests/test_graph.py
index d71df48688..4721b2f4e2 100644
--- a/tests/test_graph.py
+++ b/tests/test_graph.py
@@ -124,7 +124,7 @@ def test_path(client):
 @pytest.mark.redismod
 def test_param(client):
- params = [1, 2.3, "str", True, False, None, [0, 1, 2]]
+ params = [1, 2.3, "str", True, False, None, [0, 1, 2], r"\" RETURN 1337 //"]
 query = "RETURN $param"
 for param in params:
 result = client.graph().query(query, {"param": param})
diff --git a/tests/test_helpers.py b/tests/test_helpers.py
index 359582909f..57a94d2f45 100644
--- a/tests/test_helpers.py
+++ b/tests/test_helpers.py
@@ -80,3 +80,9 @@ def test_quote_string():
 assert quote_string("hello world!") == '"hello world!"'
 assert quote_string("") == '""'
 assert quote_string("hello world!") == '"hello world!"'
+ assert quote_string("abc") == '"abc"'
+ assert quote_string("") == '""'
+ assert quote_string('"') == r'"\""'
+ assert quote_string(r"foo \ bar") == r'"foo \\ bar"'
+ assert quote_string(r"foo \" bar") == r'"foo \\\" bar"'
+ assert quote_string('a"a') == r'"a\"a"'
From 370de0fc203b78dcf05f3c6a03e99823a0b4d923 Mon Sep 17 00:00:00 2001
From: Threated
Date: Thu, 5 Jan 2023 20:16:27 +0100
Subject: [PATCH 2/3] Add Change
---
 CHANGES | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGES b/CHANGES
index fca8d3168e..ec31995513 100644
--- a/CHANGES
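Review bot: The two `replace` calls in `quote_string` are order-dependent, and nothing in the hunk records that. The backslash pass has to run before the quote pass; in the reverse order the backslash inserted in front of each `"` would itself be doubled, and the quote would terminate the literal again. A comment above the new line would protect the ordering from a later tidy-up, for example `# Escape backslashes first, then quotes; the reverse order re-opens the injection.` The function starts above the hunk, so what reaches these lines for non-`str` input is not visible here.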
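Review bot: The element added to `params` in `test_param` only covers a string passed as a top-level parameter; the existing list element `[0, 1, 2]` holds no strings, so nothing here shows that a string nested inside a list parameter is escaped the same way. Adding the same raw string inside a list, e.g. `[r"\" RETURN 1337 //"]`, would cover that path, assuming lists are serialized element by element (that code is not in this hunk). A short comment such as `# regression: backslash-quote must come back as data, not end the literal` would also say why the odd-looking string is there. The loop body continues below the hunk, so the assertion on `result` is assumed rather than seen.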
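Review bot: None of the assertions added to `test_quote_string` uses a value that ends in a backslash, which is the input where an unescaped `\` would swallow the closing quote. `assert quote_string("foo\\") == r'"foo\\"'` pins that case. The added `assert quote_string("") == '""'` repeats an assertion already present in the context lines just above it and can be dropped.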
+++ b/CHANGES
@@ -1,3 +1,4 @@
+ * Fix Cypher Injection in Redis Graph
 * Make PythonParser resumable in case of error (#2510)
 * Add `timeout=None` in `SentinelConnectionManager.read_response`
 * Documentation fix: password protected socket connection (#2374)
From 56d8bb24c24319771a93a02f5950299b54636a9b Mon Sep 17 00:00:00 2001
From: Threated
Date: Mon, 9 Jan 2023 20:23:54 +0100
Subject: [PATCH 3/3] Name change
---
 CHANGES | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index ec31995513..02daf5ee4c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,4 @@
- * Fix Cypher Injection in Redis Graph
+ * Fix string cleanse in Redis Graph
 * Make PythonParser resumable in case of error (#2510)
 * Add `timeout=None` in `SentinelConnectionManager.read_response`
 * Documentation fix: password protected socket connection (#2374)