Skip to content
Permalink
Browse files

QueryLogger strips some characters from queries

  • Loading branch information...
garas committed Feb 7, 2017
1 parent 8a4a496 commit 1dec2bfc8856f3146a95213fd6de858978202c00
Showing with 33 additions and 1 deletion.
  1. +13 −1 src/Database/Log/QueryLogger.php
  2. +20 −0 tests/TestCase/Database/Log/QueryLoggerTest.php
@@ -68,7 +68,19 @@ protected function _interpolate($query)
return $p ? '1' : '0';
}
return is_string($p) ? "'$p'" : $p;
if (is_string($p)) {
$replacements = [
'$' => '\\$',
'\\' => '\\\\\\\\',
"'" => "''",
];
$p = strtr($p, $replacements);
return "'$p'";
}
return $p;
}, $query->params);
$keys = [];
@@ -127,6 +127,26 @@ public function testStringInterpolationNamed()
$this->assertEquals($expected, (string)$query);
}
/**
* Tests that placeholders are replaced with correctly escaped strings
*
* @return void
*/
public function testStringInterpolationSpecialChars()
{
$logger = $this->getMockBuilder('\Cake\Database\Log\QueryLogger')
->setMethods(['_log'])
->getMock();
$query = new LoggedQuery;
$query->query = 'SELECT a FROM b where a = :p1 AND b = :p2 AND c = :p3 AND d = :p4';
$query->params = ['p1' => '$2y$10$dUAIj', 'p2' => '$0.23', 'p3' => 'a\\0b\\1c\\d', 'p4' => "a'b"];
$logger->expects($this->once())->method('_log')->with($query);
$logger->log($query);
$expected = "duration=0 rows=0 SELECT a FROM b where a = '\$2y\$10\$dUAIj' AND b = '\$0.23' AND c = 'a\\\\0b\\\\1c\\\\d' AND d = 'a''b'";
$this->assertEquals($expected, (string)$query);
}
/**
* Tests that the logged query object is passed to the built-in logger using
* the correct scope

0 comments on commit 1dec2bf

Please sign in to comment.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.