
Merge branch 'v0.0'

2 parents 7486949 + b4e24df commit cb570f0719563cf2ded009fa2c89d64b0a07ecf3 mde committed Apr 1, 2013
Showing with 49 additions and 17 deletions.
  1. +1 −1 lib/adapters/sql/base.js
  2. +1 −1 lib/adapters/transformers/mr.js
  3. +2 −2 lib/adapters/transformers/sql.js
  4. +17 −10 lib/datatypes.js
  5. +1 −1 package.json
  6. +27 −2 test/adapters/shared.js
@@ -135,7 +135,7 @@ utils.mixin(Adapter.prototype, new (function () {
item.id = utils.string.uuid();
cols.push(this._columnizePropertyName('id'));
vals.push(datatypes.string.serialize(item.id, {
- escape: true
+ escape: 'sql'
, useQuotes: true
}));
}
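Review bot: The `escape: 'sql'` mode chosen here, and in both hunks of lib/adapters/transformers/sql.js, only doubles single quotes (see the `'sql'` case in lib/datatypes.js), so whether the quoted literal is safe depends on the backend's string-literal rules. On a server that treats backslash as an escape character inside literals (MySQL in its default SQL mode, PostgreSQL with `standard_conforming_strings` off), a backslash in the value changes how the doubled quote is read and the literal can end early. The id in this hunk comes from `utils.string.uuid()`, so the exposure here is small, but the sql.js call sites appear to serialize caller-supplied query values. Passing values as bound parameters through the driver would remove the dependency on escaping; failing that, add a comment such as `// 'sql' escaping doubles quotes only; not safe on backends with backslash escapes` where the mode is selected. The enclosing function starts and ends outside the hunk.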
@@ -21,7 +21,7 @@ var mr = utils.mixin(new BaseTransformer(), new (function () {
default:
ret = datatypes[datatype].serialize(val, {
useQuotes: true
- , escape: true
+ , escape: 'js'
});
}
return ret;
@@ -14,7 +14,7 @@ var sql = utils.mixin(new BaseTransformer(), new (function () {
}
else {
ret = datatypes[datatype].serialize(prop, {
- escape: true
+ escape: 'sql'
, useQuotes: true
});
}
@@ -93,7 +93,7 @@ var sql = utils.mixin(new BaseTransformer(), new (function () {
, serialize = function (val) {
return datatypes[comp.datatype].serialize(val, {
useQuotes: true
- , escape: true
+ , escape: 'sql'
});
};
if (val === null) {
@@ -23,8 +23,7 @@ var model = require('./index')
, _isArray
, _serialize
, _quoteize
- , _escape
- , _unescape;
+ , _escape;
_isArray = function (obj) {
// Defer to native if possible
@@ -42,7 +41,7 @@ _serialize = function (input, options) {
var val = String(input)
, opts = options || {};
if (opts.escape) {
- val = _escape(val);
+ val = _escape(val, opts.escape);
}
if (opts.useQuotes) {
val = _quoteize(val);
@@ -57,13 +56,21 @@ _quoteize = function (val) {
return ["'", "'"].join(val);
}
-// Scrub input for basic SQL injection protection
-_escape = function (s) {
- return s.replace(/'/g, "''");
-};
-
-_unescape = function (s) {
- return s.replace(/''/g, "'");
+_escape = function (s, type) {
+ var ret;
+ switch (type) {
+ // Scrub input for basic SQL injection protection
+ case 'sql':
+ ret = s.replace(/'/g, "''");
+ break;
+ // Backslash-esc single quotes for use in M/R JS sourcecode str
+ case 'js':
+ ret = s.replace(/'/g, "\\'");
+ break;
+ default:
+ throw new Error(type + ' is not a valid type of escaping.');
+ }
+ return ret;
};
/*
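Review bot: The `'js'` case of `_escape` backslash-escapes single quotes but leaves backslashes and line terminators alone, so a value that already contains a backslash or a newline can end or break the quoted literal it is placed in. Going by the comment above the case and the `escape: 'js'` call in lib/adapters/transformers/mr.js, that literal becomes part of map/reduce JavaScript source, which makes this a code-injection risk rather than a formatting problem. Escape the backslash first and then the quote, `ret = s.replace(/\\/g, '\\\\').replace(/'/g, "\\'");`, and also encode `\r`, `\n`, U+2028 and U+2029. It would also help to document on `_serialize` that `opts.escape` now takes `'sql'` or `'js'`, and that a leftover `escape: true` reaches the `default:` branch and throws.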
@@ -14,7 +14,7 @@
"mongo",
"mongodb"
],
- "version": "0.0.42",
+ "version": "0.0.43",
"author": "Matthew Eernisse <mde@fleegix.org> (http://fleegix.org)",
"main": "./lib/index.js",
"scripts": {
@@ -124,6 +124,33 @@ tests = {
});
}
+, 'single-quote in string property': function (next) {
+ var z = Zooby.create({
+ foo: "QUX's awesome Zooby"
+ , zong: new Date()
+ , mar: 0
+ });
+ z.save(function (err, data) {
+ var id;
+ if (err) {
+ throw err;
+ }
+ id = data.id;
+ Zooby.first({foo: "QUX's awesome Zooby"}, function (err, data) {
+ if (err) {
+ throw err;
+ }
+ assert.equal(id, data.id);
+ Zooby.remove({id: id}, function (err, data) {
+ if (err) {
+ throw err;
+ }
+ next();
+ });
+ });
+ });
+ }
+
, 'test all, by string equality': function (next) {
Zooby.all({foo: 'FOO'}, {}, function (err, data) {
if (err) {
@@ -165,7 +192,6 @@ tests = {
});
}
-/*
, 'test all, by IN': function (next) {
Zooby.all({foo: {'in': ['BAR', 'BAZ']}}, function (err, data) {
if (err) {
@@ -175,7 +201,6 @@ tests = {
next();
});
}
-*/
, 'test all, sort string column name': function (next) {
Zooby.all({}, {sort: 'zong'}, function (err, data) {
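Review bot: The new 'single-quote in string property' test in the first hunk pins only the quote case, so the other characters the escaping has to survive are untested. Add sibling cases whose `foo` value contains a backslash, a backslash directly before a single quote, and a line break, and assert the same round trip through `save` and `first`. Since test/adapters/shared.js presumably runs against every adapter, those cases would exercise both the `'sql'` and the `'js'` escape modes introduced in lib/datatypes.js.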
