Commit674db19

SimonSchicksushantdhiman
authored andcommitted
fix(query-interface): incorrect regex escape with json querying (#10615)
1 parent437696e commit674db19


4 files changed

+36
-14
lines changed


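--- a/lib/dialects/abstract/query-generator.js
+++ b/lib/dialects/abstract/query-generator.js
@@ -19,6 +19,8 @@ const sequelizeError = require('../../errors');
 
 constQuoteHelper=require('./query-generator/helpers/quote');
 
+constnonEscapeOperators=newSet([Op.like,Op.iLike,Op.regexp,Op.iRegexp,Op.notRegexp,Op.notIRegexp]);
+
 /**
 * Abstract Query Generator
 *
@@ -950,7 +952,7 @@ class QueryGenerator {
 // Users shouldn't have to worry about these args - just give them a function that takes a single arg
 constsimpleEscape=escVal=>SqlString.escape(escVal,this.options.timezone,this.dialect);
 
-value=field.type.stringify(value,{escape:simpleEscape, field,timezone:this.options.timezone,operation:options.operation});
+value=field.type.stringify(value,{escape:simpleEscape, field,timezone:this.options.timezone,acceptStrings:options.acceptStrings});
 
 if(field.type.escape===false){
 // The data-type already did the required escaping
@@ -985,7 +987,7 @@ class QueryGenerator {
 this.validate(value,field,options);
 
 if(field.type.bindParam){
-returnfield.type.bindParam(value,{escape:_.identity, field,timezone:this.options.timezone,operation:options.operation,bindParam});
+returnfield.type.bindParam(value,{escape:_.identity, field,timezone:this.options.timezone, bindParam});
 }
 }
 }
@@ -2391,9 +2393,8 @@ class QueryGenerator {
 comparator=this.OperatorMap[Op.like];
 returnthis._joinKeyValue(key,this.escape(`%${value}%`),comparator,options.prefix);
 }
-
 constescapeOptions={
-acceptStrings:comparator.includes(this.OperatorMap[Op.like])
+acceptStrings:nonEscapeOperators.has(prop)
 };
 
 if(_.isPlainObject(value)){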
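Review bot: The new `nonEscapeOperators` set in the first hunk leaves out `Op.notLike` and `Op.notILike`, which the removed check `comparator.includes(this.OperatorMap[Op.like])` in the last hunk would presumably have matched through its substring test on the comparator text, so negated LIKE filters on JSON columns may go back to being JSON-stringified. I would list them explicitly: `const nonEscapeOperators = new Set([Op.like, Op.notLike, Op.iLike, Op.notILike, Op.regexp, Op.notRegexp, Op.iRegexp, Op.notIRegexp]);`. The name also reads as if these operators skip SQL escaping, while the visible code only uses the set to decide `acceptStrings`; a comment such as `// operators whose string operand is a pattern and must not be JSON-stringified; SQL escaping still applies` would prevent that misreading, once the rest of `escape()`, which lies outside the hunk, is confirmed to escape the raw string. `prop` is also defined outside the last hunk.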

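--- a/lib/dialects/mariadb/data-types.js
+++ b/lib/dialects/mariadb/data-types.js
@@ -105,7 +105,7 @@ module.exports = BaseTypes => {
 
 classJSONTYPEextendsBaseTypes.JSON{
 _stringify(value,options){
-returnoptions.operation==='where'&&typeofvalue==='string' ?value
+returnoptions.acceptsString&&typeofvalue==='string' ?value
 :JSON.stringify(value);
 }
 }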
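Review bot: The option name on the new line 108 is misspelled: it reads `options.acceptsString`, while the query generator passes `acceptStrings` and the MySQL data type in this same commit reads `options.acceptStrings`. As written the condition is always falsy on MariaDB, so string operands for LIKE/REGEXP on JSON columns still go through `JSON.stringify` and the fix does not reach this dialect. The line should read `return options.acceptStrings && typeof value === 'string' ? value`. The new integration test would only catch this if the REGEXP suite actually runs against MariaDB, which the visible hunks do not show.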

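--- a/lib/dialects/mysql/data-types.js
+++ b/lib/dialects/mysql/data-types.js
@@ -124,7 +124,7 @@ module.exports = BaseTypes => {
 
 classJSONTYPEextendsBaseTypes.JSON{
 _stringify(value,options){
-returnoptions.operation==='where'&&typeofvalue==='string' ?value :JSON.stringify(value);
+returnoptions.acceptStrings&&typeofvalue==='string' ?value :JSON.stringify(value);
 }
 }
 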
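--- a/test/integration/operators.test.js
+++ b/test/integration/operators.test.js
@@ -1,13 +1,13 @@
 'use strict';
 
-constchai=require('chai'),
-Sequelize=require('../../index'),
-Op=Sequelize.Op,
-Promise=Sequelize.Promise,
-expect=chai.expect,
-Support=require('../support'),
-DataTypes=require('../../lib/data-types'),
-dialect=Support.getTestDialect();
+const{ stub}=require('sinon');
+const{ expect}=require('chai');
+constSequelize=require('../../index');
+constOp=Sequelize.Op;
+constPromise=Sequelize.Promise;
+constSupport=require('../support');
+constDataTypes=require('../../lib/data-types');
+constdialect=Support.getTestDialect();
 
 describe(Support.getTestDialectTeaser('Operators'),()=>{
 describe('REGEXP',()=>{
@@ -23,6 +23,9 @@ describe(Support.getTestDialectTeaser('Operators'), () => {
 name:{
 type:DataTypes.STRING,
 field:'full_name'
+},
+json:{
+type:DataTypes.JSON
 }
 },{
 tableName:'users',
@@ -39,6 +42,9 @@ describe(Support.getTestDialectTeaser('Operators'), () => {
 },
 full_name:{
 type:DataTypes.STRING
+},
+json:{
+type:DataTypes.JSON
 }
 })
 ]);
@@ -78,6 +84,21 @@ describe(Support.getTestDialectTeaser('Operators'), () => {
 });
 });
 
+it('should work with json',function(){
+constlogging=stub();
+returnthis.User.findOne({
+logging,
+where:{
+json:{
+[Op.regexp]:'test'
+}
+}
+})
+.then(()=>{
+expect(logging.firstCall.args[0]).to.not.include('\\"test\\"');
+});
+});
+
 it('should properly escape regular expressions',function(){
 returnthis.User.bulkCreate([{
 name:'John'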
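Review bot: The new 'should work with json' test only asserts that the logged SQL does not contain `\\"test\\"`, so it pins the absence of JSON quoting but says nothing about what is emitted instead. Because strings for these operators now bypass `JSON.stringify`, I would add a case whose value contains a quote character, e.g. `[Op.regexp]: "te'st"`, and assert that the logged statement carries the dialect's escaped form, so that SQL escaping of raw strings on JSON columns is covered by a regression test. A positive assertion on the expected operand and a second case for `Op.like` would also make the test fail for the right reason. The enclosing `describe('REGEXP', …)` block starts and ends outside the last hunk.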
