Skip to content
Permalink
Browse files

lib/db: Fix reading escaped data

  • Loading branch information...
lauriro committed Dec 15, 2018
1 parent 1c552aa commit 9cb22fe384fda2b09623077a9527a4e35a471cbd
Showing with 30 additions and 12 deletions.
  1. +8 −6 lib/db.js
  2. +1 −1 package.json
  3. +20 −4 test/lib/db.js
  4. +1 −1 ui/index.js
@@ -54,15 +54,17 @@ function Db(file, _opts) {
db.firstRow = row
i = cut = buf.indexOf(10) + 1
db.headers = buf.toString("utf8", 1, i - 2).split("','")
} else if (type === 7 && buf[0] === 39) {
type = 6
i = 1
}

for (; i < len; ) {
if (type > 3) {
if (
buf[i++] !== 39 ||
buf[i] === 39 && ++type
) continue
}
if (type > 3 && (
buf[i++] !== 39 ||
buf[i] === 39 && (type = 6) && ++i ||
i === len && (type = 7)
)) continue
code = buf[i++]
if (type === 0) {
if (code === 89) return _done() // Y
@@ -1,6 +1,6 @@
{
"name": "litejs",
"version": "18.12.1",
"version": "18.12.2",
"license": "MIT",
"author": "Lauri Rooden <lauri@rooden.ee>",
"description": "Single-page application framework",
@@ -1,13 +1,29 @@


require("..")
.test("sqlite", function(assert, mock) {
var openDb = require("../../lib/db.js")
, db = openDb(":memory:", {
})
, txt = "a','',''',\n"
db.run("CREATE TABLE q1 (t INT, key TEXT, val BLOB)", [])
db.run("insert into q1 values (?, ?, ?)", [123, "", txt])
db.get("SELECT val from q1 where t=?", [123], function(err, row) {
assert.equal(row.val, txt)
assert.end()
})
})
.test("sqlite", function(assert, mock) {
var openDb = require("../../lib/db.js")
, Transform = require("stream").Transform
, step = Math.floor(Math.random() * 25) + 4
, smallChunks = new Transform({
transform(chunk, encoding, callback) {
for (var i = 0, len = chunk.length; i < len; ) {
this.push(chunk.slice(i, i+=23))
var i = 0
, len = chunk.length
this.push(chunk.slice(i, i+=23))
for (; i < len; ) {
this.push(chunk.slice(i, i+=4))
}
callback()
}
@@ -19,12 +35,12 @@ require("..")
{t: 123, key: "1\n2'3", val: false},
{t: null, key: "abc", val: true}
]
, control = String.fromCharCode(
, control = (String.fromCharCode(
1, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
20, 21, 22, 23, 24, 25, 26, 27, 28, 29,
30, 31, 32, 33, 34, 35, 36, 37, 38, 39
) + " \u2028 \u2029\\"
) + " \u2028 \u2029\\ ','',''',").repeat(step)

//db.run("SELECT 1")
//db.get("select sqlite_version() as version", [], cb("VERSION"))
@@ -1,5 +1,5 @@
/*
* @version 18.12.1
* @version 18.12.2
* @author Lauri Rooden <lauri@rooden.ee>
* @license MIT License
*/

0 comments on commit 9cb22fe

Please sign in to comment.
You can’t perform that action at this time.