noth/surrealpatch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ensure double quote characters are always escaped properly

Browse source 
Closes #1488
This commit is contained in:
Tobie Morgan Hitchcock 2022-11-27 11:43:16 +00:00
parent 8b5a99c321
commit 77b24cda26
2 changed files with 41 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/src/sql/escape.rs
View file

@ -15,11 +15,11 @@ const BACKTICK: char = '`';
const BACKTICK_ESC: &str = r#"\`"#; const BACKTICK_ESC: &str = r#"\`"#;
#[inline] #[inline]
pub fn escape_str(s: &str) -> String { pub fn escape_str(s: &str) -> Cow<'_, str> {
if s.contains(SINGLE) { if s.contains(SINGLE) {
format!("{}{}{}", DOUBLE, s, DOUBLE) escape_normal(s, DOUBLE, DOUBLE, DOUBLE_ESC)
} else { } else {
format!("{}{}{}", SINGLE, s, SINGLE) Cow::Owned(format!("{}{}{}", SINGLE, s, SINGLE))
} }
} }

39
lib/tests/escape.rs
View file

@ -6,7 +6,7 @@ use surrealdb::Error;
use surrealdb::Session; use surrealdb::Session;
#[tokio::test] #[tokio::test]
async fn complex_string() -> Result<(), Error> { async fn complex_ids() -> Result<(), Error> {
let sql = r#" let sql = r#"
CREATE person:100 SET test = 'One'; CREATE person:100 SET test = 'One';
CREATE person:00100; CREATE person:00100;
@ -84,3 +84,40 @@ async fn complex_string() -> Result<(), Error> {
// //
Ok(()) Ok(())
} }
#[tokio::test]
async fn complex_strings() -> Result<(), Error> {
let sql = r#"
RETURN 'String with no complex characters';
RETURN 'String with some "double quoted" characters';
RETURN 'String with some \'escaped single quoted\' characters';
RETURN "String with some \"escaped double quoted\" characters";
RETURN "String with some 'single' and \"double\" quoted characters";
"#;
let dbs = Datastore::new("memory").await?;
let ses = Session::for_kv().with_ns("test").with_db("test");
let res = &mut dbs.execute(&sql, &ses, None, false).await?;
assert_eq!(res.len(), 5);
//
let tmp = res.remove(0).result?;
let val = Value::parse(r#"'String with no complex characters'"#);
assert_eq!(tmp, val);
//
let tmp = res.remove(0).result?;
let val = Value::parse(r#"'String with some "double quoted" characters'"#);
assert_eq!(tmp, val);
//
let tmp = res.remove(0).result?;
let val = Value::parse(r#""String with some 'escaped single quoted' characters""#);
assert_eq!(tmp, val);
//
let tmp = res.remove(0).result?;
let val = Value::parse(r#"'String with some "escaped double quoted" characters'"#);
assert_eq!(tmp, val);
//
let tmp = res.remove(0).result?;
let val = Value::parse(r#""String with some 'single' and \"double\" quoted characters""#);
assert_eq!(tmp, val);
//
Ok(())
}