Permalink
Browse files

API DataList->leftJoin()/innerJoin() args no longer escaped

The table name in the join was being escaped, though table
names aren't escaped anywhere else. This breaks
namespaced classes, which rely on unescaped backslashes.
  • Loading branch information...
1 parent c2afca2 commit 78fdcc580bf89ea63ad6cb977bc45b8f73f7af53 @simonwelsh simonwelsh committed with chillu Jun 30, 2012
Showing with 11 additions and 3 deletions.
  1. +2 −2 model/DataList.php
  2. +1 −1 model/SQLQuery.php
  3. +8 −0 tests/model/DataListTest.php
View
@@ -533,7 +533,7 @@ public function subtract(SS_List $list) {
/**
* Return a new DataList instance with an inner join clause added to this list's query.
*
- * @param string $table Table name (unquoted)
+ * @param string $table Table name (unquoted and as escaped SQL)
* @param string $onClause Escaped SQL statement, e.g. '"Table1"."ID" = "Table2"."ID"'
* @param string $alias - if you want this table to be aliased under another name
* @return DataList
@@ -547,7 +547,7 @@ public function innerJoin($table, $onClause, $alias = null) {
/**
* Return a new DataList instance with a left join clause added to this list's query.
*
- * @param string $table Table name (unquoted)
+ * @param string $table Table name (unquoted and as escaped SQL)
* @param string $onClause Escaped SQL statement, e.g. '"Table1"."ID" = "Table2"."ID"'
* @param string $alias - if you want this table to be aliased under another name
* @return DataList
View
@@ -874,7 +874,7 @@ function sql() {
else $filter = "(" . implode(") AND (", $join['filter']) . ")";
$aliasClause = ($alias != $join['table']) ? " AS \"" . Convert::raw2sql($alias) . "\"" : "";
- $this->from[$alias] = strtoupper($join['type']) . " JOIN \"" . Convert::raw2sql($join['table']) . "\"$aliasClause ON $filter";
+ $this->from[$alias] = strtoupper($join['type']) . " JOIN \"" . $join['table'] . "\"$aliasClause ON $filter";
}
}
@@ -85,6 +85,14 @@ function testLeftJoin() {
$list->leftJoin('DataObjectTest_Team', '"DataObjectTest_Team"."ID" = "DataObjectTest_TeamComment"."TeamID"', 'Team');
$expected = 'SELECT DISTINCT "DataObjectTest_TeamComment"."ClassName", "DataObjectTest_TeamComment"."Created", "DataObjectTest_TeamComment"."LastEdited", "DataObjectTest_TeamComment"."Name", "DataObjectTest_TeamComment"."Comment", "DataObjectTest_TeamComment"."TeamID", "DataObjectTest_TeamComment"."ID", CASE WHEN "DataObjectTest_TeamComment"."ClassName" IS NOT NULL THEN "DataObjectTest_TeamComment"."ClassName" ELSE '.$db->prepStringForDB('DataObjectTest_TeamComment').' END AS "RecordClassName" FROM "DataObjectTest_TeamComment" LEFT JOIN "DataObjectTest_Team" AS "Team" ON "DataObjectTest_Team"."ID" = "DataObjectTest_TeamComment"."TeamID"';
$this->assertEquals($expected, $list->sql());
+
+ // Test with namespaces (with non-sensical join, but good enough for testing)
+ $list = DataObjectTest_TeamComment::get();
+ $list->leftJoin('DataObjectTest\NamespacedClass', '"DataObjectTest\NamespacedClass"."ID" = "DataObjectTest_TeamComment"."ID"');
+ $expected = 'SELECT DISTINCT "DataObjectTest_TeamComment"."ClassName", "DataObjectTest_TeamComment"."Created", "DataObjectTest_TeamComment"."LastEdited", "DataObjectTest_TeamComment"."Name", "DataObjectTest_TeamComment"."Comment", "DataObjectTest_TeamComment"."TeamID", "DataObjectTest_TeamComment"."ID", CASE WHEN "DataObjectTest_TeamComment"."ClassName" IS NOT NULL THEN "DataObjectTest_TeamComment"."ClassName" ELSE '.$db->prepStringForDB('DataObjectTest_TeamComment').' END AS "RecordClassName" ' .
+ 'FROM "DataObjectTest_TeamComment" ' .
+ 'LEFT JOIN "DataObjectTest\NamespacedClass" ON "DataObjectTest\NamespacedClass"."ID" = "DataObjectTest_TeamComment"."ID"';
+ $this->assertEquals($expected, $list->sql(), 'Retains backslashes in namespaced classes');
}
function testToNestedArray() {

0 comments on commit 78fdcc5

Please sign in to comment.