Fix handling of escaped quote characters and numeric literals in MySQL

dbsrgits · Jul 25, 2014 · ed2b540 · ed2b540
1 parent 886bf30
commit ed2b540
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 27 deletions.
diff --git a/lib/SQL/Translator/Parser/MySQL.pm b/lib/SQL/Translator/Parser/MySQL.pm
@@ -205,12 +205,9 @@ bit:
 
 string :
   # MySQL strings, unlike common SQL strings, can be double-quoted or
-  # single-quoted, and you can escape the delmiters by doubling (but only the
-  # delimiter) or by backslashing.
+  # single-quoted.
 
-   /'(\\.|''|[^\\\'])*'/ |
-   /"(\\.|""|[^\\\"])*"/
-  # For reference, std sql str: /(?:(?:\')(?:[^\']*(?:(?:\'\')[^\']*)*)(?:\'))//
+  SQSTRING | DQSTRING
 
 nonstring : /[^;\'"]+/
 
@@ -681,9 +678,8 @@ default_val :
         $return =  $item[2];
     }
     |
-    /default/i string
+    /default/i VALUE
     {
-        $item[2] =~ s/^\s*'|'\s*$//g or $item[2] =~ s/^\s*"|"\s*$//g;
         $return  =  $item[2];
     }
     |
@@ -862,26 +858,30 @@ DOUBLE_QUOTE: '"'
 
 SINGLE_QUOTE: "'"
 
-QUOTED_NAME : BACKTICK /(?:[^`]|``)+/ BACKTICK
-    { my $val = $item[2]; $val =~ s/``/`/g; $return = $val }
-    | DOUBLE_QUOTE /(?:[^"]|"")+/ DOUBLE_QUOTE
-    { my $val = $item[2]; $val =~ s/""/"/g; $return = $val }
-    | SINGLE_QUOTE /(?:[^']|''|\\')+/ SINGLE_QUOTE
-    { my $val = $item[2]; $val =~ s/''/'/g; $return = $val }
+QUOTED_NAME : BQSTRING
+    | SQSTRING
+    | DQSTRING
+
+# MySQL strings, unlike common SQL strings, can have the delmiters
+# escaped either by doubling or by backslashing.
+BQSTRING: BACKTICK /(?:[^\\`]|``|\\.)*/ BACKTICK
+    { ($return = $item[2]) =~ s/(\\[\\`]|``)/substr($1,1)/ge }
+
+DQSTRING: DOUBLE_QUOTE /(?:[^\\"]|""|\\.)*/ DOUBLE_QUOTE
+    { ($return = $item[2]) =~ s/(\\[\\"]|"")/substr($1,1)/ge }
+
+SQSTRING: SINGLE_QUOTE /(?:[^\\']|''|\\.)*/ SINGLE_QUOTE
+    { ($return = $item[2]) =~ s/(\\[\\']|'')/substr($1,1)/ge }
+
 
 NAME: QUOTED_NAME
     | /\w+/
 
-VALUE : /[-+]?\.?\d+(?:[eE]\d+)?/
+VALUE : /[-+]?\d*\.?\d+(?:[eE]\d+)?/
     { $item[1] }
-    | QUOTED_NAME
-    {
-        # remove leading/trailing quotes
-        my $val = $item[1];
-        $val    =~ s/^['"]|['"]$//g;
-        $return = $val;
-    }
-    | /NULL/
+    | SQSTRING
+    | DQSTRING
+    | /NULL/i
     { 'NULL' }
 
 # always a scalar-ref, so that it is treated as a function and not quoted by consumers

diff --git a/lib/SQL/Translator/Producer.pm b/lib/SQL/Translator/Producer.pm
@@ -15,8 +15,9 @@ sub produce { "" }
 ## They are special per Producer, and provide support for the old 'now()'
 ## default value exceptions
 sub _apply_default_value {
-  my (undef, $field, $field_ref, $exceptions) = @_;
+  my (undef, $field, $field_ref, $exceptions, $munge_default) = @_;
   my $default = $field->default_value;
+  $munge_default ||= sub { s/'/''/g };
   return if !defined $default;
 
   if ($exceptions and ! ref $default) {
@@ -41,7 +42,7 @@ sub _apply_default_value {
     # we need to check the data itself in addition to the datatype, for basic safety
       $$field_ref .= " DEFAULT $default";
   } else {
-      $default =~ s/'/''/g;
+      $munge_default->() for $default;
       $$field_ref .= " DEFAULT '$default'";
   }
 

diff --git a/lib/SQL/Translator/Producer/MySQL.pm b/lib/SQL/Translator/Producer/MySQL.pm
@@ -632,6 +632,7 @@ sub create_field
       [
         'NULL'       => \'NULL',
       ],
+      sub { s/([\\'])/$1$1/g },
     );
 
     if ( my $comments = $field->comments ) {

diff --git a/t/02mysql-parser.t b/t/02mysql-parser.t
@@ -900,7 +900,7 @@ ok ($@, 'Exception thrown on invalid version string');
     is( $f2->data_type, 'varchar', 'Type is "varchar"' );
     is( $f2->size, 12, 'Size is "12"' );
     is( $f2->is_nullable, 0, 'Field can not be null' );
-    is( $f2->default_value, "test single quotes like in you''re", "Single quote in default value is escaped properly" );
+    is( $f2->default_value, "test single quotes like in you're", "Single quote in default value is unescaped properly" );
     is( $f2->is_primary_key, 0, 'Field is not PK' );
 
     # this is more of a sanity test because the original sqlt regex for default looked for an escaped quote represented as \'
@@ -909,7 +909,7 @@ ok ($@, 'Exception thrown on invalid version string');
     is( $f3->data_type, 'varchar', 'Type is "varchar"' );
     is( $f3->size, 20, 'Size is "20"' );
     is( $f3->is_nullable, 0, 'Field can not be null' );
-    is( $f3->default_value, "test single quotes escaped like you\\'re", "Single quote in default value is escaped properly" );
+    is( $f3->default_value, "test single quotes escaped like you're", "Single quote in default value is unescaped properly" );
     is( $f3->is_primary_key, 0, 'Field is not PK' );
 }
 

diff --git a/t/data/roundtrip.xml b/t/data/roundtrip.xml
@@ -31,7 +31,7 @@ Created on Fri Aug 15 15:08:18 2003
           <field name="explicitemptystring" size="0"
               data_type="varchar" order="6" default_value="" />
           <field name="emptytagdef" size="0"
-              data_type="varchar" order="7" default_value="" >
+              data_type="varchar" order="7" default_value="backslash \ single-quote '" >
               <comments>Hello emptytagdef</comments>
           </field>
           <field name="another_id" size="10"