Merge branch 'v0.0'

lib/adapters/sql/base.js

@@ -135,7 +135,7 @@ utils.mixin(Adapter.prototype, new (function () {
       item.id = utils.string.uuid();
       cols.push(this._columnizePropertyName('id'));
       vals.push(datatypes.string.serialize(item.id, {
-        escape: true
+        escape: 'sql'
       , useQuotes: true
       }));
     }

lib/adapters/transformers/mr.js

@@ -21,7 +21,7 @@ var mr = utils.mixin(new BaseTransformer(), new (function () {
           default:
             ret = datatypes[datatype].serialize(val, {
                 useQuotes: true
-              , escape: true
+              , escape: 'js'
             });
         }
         return ret;

lib/adapters/transformers/sql.js

@@ -14,7 +14,7 @@ var sql = utils.mixin(new BaseTransformer(), new (function () {
     }
     else {
       ret = datatypes[datatype].serialize(prop, {
-        escape: true
+        escape: 'sql'
       , useQuotes: true
       });
     }
@@ -93,7 +93,7 @@ var sql = utils.mixin(new BaseTransformer(), new (function () {
       , serialize = function (val) {
           return datatypes[comp.datatype].serialize(val, {
               useQuotes: true
-            , escape: true
+            , escape: 'sql'
           });
         };
     if (val === null) {

lib/datatypes.js

@@ -23,8 +23,7 @@ var model = require('./index')
   , _isArray
   , _serialize
   , _quoteize
-  , _escape
-  , _unescape;
+  , _escape;
 
 _isArray = function (obj) {
   // Defer to native if possible
@@ -42,7 +41,7 @@ _serialize = function (input, options) {
   var val = String(input)
     , opts = options || {};
   if (opts.escape) {
-    val = _escape(val);
+    val = _escape(val, opts.escape);
   }
   if (opts.useQuotes) {
     val = _quoteize(val);
@@ -57,13 +56,21 @@ _quoteize = function (val) {
   return ["'", "'"].join(val);
 }
 
-// Scrub input for basic SQL injection protection
-_escape = function (s) {
-  return s.replace(/'/g, "''");
-};
-
-_unescape = function (s) {
-  return s.replace(/''/g, "'");
+_escape = function (s, type) {
+  var ret;
+  switch (type) {
+    // Scrub input for basic SQL injection protection
+    case 'sql':
+      ret = s.replace(/'/g, "''");
+      break;
+    // Backslash-esc single quotes for use in M/R JS sourcecode str
+    case 'js':
+      ret = s.replace(/'/g, "\\'");
+      break;
+    default:
+      throw new Error(type + ' is not a valid type of escaping.');
+  }
+  return ret;
 };
 
 /*

package.json

@@ -14,7 +14,7 @@
     "mongo",
     "mongodb"
   ],
-  "version": "0.0.42",
+  "version": "0.0.43",
   "author": "Matthew Eernisse <mde@fleegix.org> (http://fleegix.org)",
   "main": "./lib/index.js",
   "scripts": {

test/adapters/shared.js

@@ -124,6 +124,33 @@ tests = {
     });
   }
 
+, 'single-quote in string property': function (next) {
+    var z = Zooby.create({
+          foo: "QUX's awesome Zooby"
+        , zong: new Date()
+        , mar: 0
+        });
+    z.save(function (err, data) {
+      var id;
+      if (err) {
+        throw err;
+      }
+      id = data.id;
+      Zooby.first({foo: "QUX's awesome Zooby"}, function (err, data) {
+        if (err) {
+          throw err;
+        }
+        assert.equal(id, data.id);
+        Zooby.remove({id: id}, function (err, data) {
+          if (err) {
+            throw err;
+          }
+          next();
+        });
+      });
+    });
+  }
+
 , 'test all, by string equality': function (next) {
     Zooby.all({foo: 'FOO'}, {}, function (err, data) {
       if (err) {
@@ -165,7 +192,6 @@ tests = {
     });
   }
 
-/*
 , 'test all, by IN': function (next) {
     Zooby.all({foo: {'in': ['BAR', 'BAZ']}}, function (err, data) {
       if (err) {
@@ -175,7 +201,6 @@ tests = {
       next();
     });
   }
-*/
 
 , 'test all, sort string column name': function (next) {
     Zooby.all({}, {sort: 'zong'}, function (err, data) {