Raw operator does not properly escape nested columns #6264

Closed
ouzkhanmete opened this issue Jun 16, 2020 · 1 comment · Fixed by #7805

@ouzkhanmete

Issue type:

[ ] question
[x] bug report
[ ] feature request
[ ] documentation issue

Database system/driver:

[ ] cordova
[ ] mongodb
[ ] mssql
[ ] mysql / mariadb
[ ] oracle
[x] postgres
[ ] cockroachdb
[ ] sqlite
[ ] sqljs
[ ] react-native
[ ] expo

TypeORM version:

[ ] latest
[ ] @next
[x] 11.5 (or put your version here)

Steps to reproduce or a small repository showing the problem:

Currently the Raw operator is broken when using joins. The columnPath that is passed to the callback has a value of "SomeTable.someColumn", which results in the error "missing from-clause entry for table" when executing a query.

Example:

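// This is broken: columnPath arrives as SomeTable.someColumn, unquoted
repo.findOne({
  where: {
    // String literals take single quotes in Postgres; double quotes mark identifiers
    field: Raw(columnPath => `${columnPath} = 'somevalue'`)
  },
  relations: ['someOtherTable']
})


// This works
// Quote each dot-separated segment: SomeTable.someColumn -> "SomeTable"."someColumn"
function wrapColumnPath(columnPath: string): string {
    return columnPath.split('.').map(c => `"${c}"`).join('.')
}

repo.findOne({
  where: {
    field: Raw(columnPath => `${wrapColumnPath(columnPath)} = 'somevalue'`)
  },
  relations: ['someOtherTable']
})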

As mentioned in this issue, we should have some sort of SafeRaw to handle this kind of issue.
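A stricter take on the `wrapColumnPath` workaround above, as an added example that is not part of the original issue or of TypeORM. It assumes PostgreSQL identifier rules, accepts paths that are already quoted, doubles embedded quotes, and leaves the compared value as a named placeholder (`:value`, which assumes a TypeORM version whose `Raw` takes a parameters object); all function names are hypothetical.

```typescript
// Added example, not TypeORM source. Assumes PostgreSQL identifier quoting.

// Split a dotted column path into bare segments. A segment that is already
// double-quoted is unwrapped ("" inside it is a literal quote), so raw and
// pre-quoted paths are both accepted and a dot inside quotes is not a separator.
function splitColumnPath(path: string): string[] {
  const segments: string[] = [];
  let i = 0;
  while (i <= path.length) {
    let seg = "";
    if (path[i] === '"') {
      i++; // skip the opening quote
      for (;;) {
        if (i >= path.length) throw new Error("unterminated quoted identifier");
        if (path[i] === '"') {
          if (path[i + 1] === '"') { seg += '"'; i += 2; continue; }
          i++; // closing quote
          break;
        }
        seg += path[i++];
      }
      if (i < path.length && path[i] !== ".") throw new Error("text after closing quote");
    } else {
      while (i < path.length && path[i] !== ".") {
        if (path[i] === '"') throw new Error("stray quote in identifier");
        seg += path[i++];
      }
    }
    if (seg.length === 0) throw new Error("empty identifier segment");
    segments.push(seg);
    i++; // step over the dot, or past the end of the string
  }
  return segments;
}

// Re-quote every segment. Embedded quotes are doubled, so a segment can never
// close its own quoting and continue as SQL text.
function quoteColumnPath(path: string): string {
  return splitColumnPath(path).map((s) => `"${s.replace(/"/g, '""')}"`).join(".");
}

// Fragment for a Raw() callback: quoted identifier plus a named placeholder,
// so the compared value is sent as a bind parameter instead of SQL text.
function equalsFragment(columnPath: string, paramName: string): string {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(paramName)) throw new Error("bad parameter name");
  return `${quoteColumnPath(columnPath)} = :${paramName}`;
}
```

Inside the callback this would be used as `Raw(columnPath => equalsFragment(columnPath, 'value'), { value: 'somevalue' })`.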

@imnotjames changed the title from "Raw operator is broken" to "Raw operator does not properly escape nested columns" Oct 5, 2020
@imnotjames self-assigned this Oct 27, 2020
@imnotjames
Contributor

The issue isn't that it isn't escaped - the issue is that the replacement that happens later on in the query building process doesn't replace it with the escaped value.
