Commit 8330aa4f authored by andreas's avatar andreas Committed by Steve Müller

Fixed incorrect handling of single quotes in SQL-Strings escaped by repeated...

Fixed incorrect handling of single quotes in SQL-Strings escaped by repeated single-quote (DBAL-1205)
parent 51a0529b
......@@ -32,7 +32,7 @@ class SQLParserUtils
const NAMED_TOKEN = '(?<!:):[a-zA-Z_][a-zA-Z0-9_]*';
// Quote characters within string literals can be preceded by a backslash.
const ESCAPED_SINGLE_QUOTED_TEXT = "'(?:[^'\\\\]|\\\\'?)*'";
const ESCAPED_SINGLE_QUOTED_TEXT = "'(?:[^'\\\\]|\\\\'?|'')*'";
const ESCAPED_DOUBLE_QUOTED_TEXT = '"(?:[^"\\\\]|\\\\"?)*"';
const ESCAPED_BACKTICK_QUOTED_TEXT = '`(?:[^`\\\\]|\\\\`?)*`';
const ESCAPED_BRACKET_QUOTED_TEXT = '\[(?:[^\]])*\]';
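Review bot: The comment above these constants still says only that quote characters "can be preceded by a backslash", while the new `ESCAPED_SINGLE_QUOTED_TEXT` also accepts a doubled quote. I would update it to `// Quote characters within string literals can be escaped by a backslash or, for single quotes, by doubling them ('').` The double-quote and backtick patterns remain backslash-only; if doubled delimiters are meant to be handled there too, that is worth a follow-up, and if not, the comment should say so. Because this pattern decides which `:name` tokens are skipped as literal text, the comment should also record that backslash escaping is dialect-dependent: on a server that treats `\` literally inside strings, the pattern may place the end of a literal somewhere other than where the server does. The class body continues outside the hunk.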
......
......@@ -61,6 +61,19 @@ SQLDATA
array('SELECT foo::date as date FROM Foo WHERE bar > :start_date AND baz > :start_date', false, array(46 => 'start_date', 68 => 'start_date')), // Ticket GH-259
array('SELECT `d.ns:col_name` FROM my_table d WHERE `d.date` >= :param1', false, array(57 => 'param1')), // Ticket DBAL-552
array('SELECT [d.ns:col_name] FROM my_table d WHERE [d.date] >= :param1', false, array(57 => 'param1')), // Ticket DBAL-552
array(
<<<'SQLDATA'
SELECT * FROM foo WHERE
bar = ':not_a_param1 ''":not_a_param2"'''
OR bar=:a_param1
OR bar=:a_param2||':not_a_param3'
OR bar=':not_a_param4 '':not_a_param5'' :not_a_param6'
OR bar=''
OR bar=':a_param3
SQLDATA
, false, array(74 => 'a_param1', 91 => 'a_param2', 191 => 'a_param3')
),
);
}
......@@ -342,6 +355,15 @@ SQLDATA
array(1, null),
array(\PDO::PARAM_INT, \PDO::PARAM_NULL)
),
// DBAL-1205 - Escaped single quotes SQL- and C-Style
array(
"SELECT * FROM Foo WHERE foo = :foo||''':not_a_param''\\'' OR bar = ''':not_a_param''\\'':bar",
array(':foo' => 1, ':bar' => 2),
array(':foo' => \PDO::PARAM_INT, 'bar' => \PDO::PARAM_INT),
'SELECT * FROM Foo WHERE foo = ?||\'\'\':not_a_param\'\'\\\'\' OR bar = \'\'\':not_a_param\'\'\\\'\'?',
array(1, 2),
array(\PDO::PARAM_INT, \PDO::PARAM_INT)
),
);
}
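Review bot: In the DBAL-1205 case the types array is keyed `':foo'` and `'bar'`, while the params array uses `':foo'` and `':bar'`. If the missing colon is not deliberate, the case presumably passes only because types are also looked up without the colon, which mixes a second concern into an escaping test. I would write `array(':foo' => \PDO::PARAM_INT, ':bar' => \PDO::PARAM_INT),` or add a comment saying the mixed keys are intentional. In the heredoc case of the earlier hunk, the last line `OR bar=':a_param3` leaves the literal unterminated and still expects `a_param3` as a placeholder. A comment next to that case, such as `// unterminated quote: :a_param3 is still treated as a placeholder`, plus the `// Ticket DBAL-1205` tag that neighbouring cases carry, would make the pinned behaviour explicit. Both data-provider methods start outside the hunks.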
......