From 18954afa738e5f24577612823a554147a91b9f80 Mon Sep 17 00:00:00 2001
From: Anton <mcausc78@gmail.com>
Date: Mon, 1 Jan 2024 15:23:25 +0200
Subject: [PATCH] cgen: escape table names (fix #20313) (#20322)

---
 cmd/tools/vtest-self.v             |  2 ++
 vlib/v/gen/c/orm.v                 |  3 ++-
 vlib/v/tests/orm_table_name_test.v | 17 +++++++++++++++++
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 vlib/v/tests/orm_table_name_test.v

diff --git a/cmd/tools/vtest-self.v b/cmd/tools/vtest-self.v
index 03c62ccdff858d..24e955923cdddf 100644
--- a/cmd/tools/vtest-self.v
+++ b/cmd/tools/vtest-self.v
@@ -159,6 +159,7 @@ const skip_with_fsanitize_memory = [
 	'vlib/v/tests/orm_joined_tables_select_test.v',
 	'vlib/v/tests/sql_statement_inside_fn_call_test.v',
 	'vlib/v/tests/orm_stmt_wrong_return_checking_test.v',
+	'vlib/v/tests/orm_table_name_test.v',
 	'vlib/v/tests/orm_handle_error_for_select_from_not_created_table_test.v',
 	'vlib/vweb/tests/vweb_test.v',
 	'vlib/vweb/csrf/csrf_test.v',
@@ -244,6 +245,7 @@ const skip_on_ubuntu_musl = [
 	'vlib/v/tests/orm_sub_array_struct_test.v',
 	'vlib/v/tests/orm_joined_tables_select_test.v',
 	'vlib/v/tests/orm_stmt_wrong_return_checking_test.v',
+	'vlib/v/tests/orm_table_name_test.v',
 	'vlib/v/tests/orm_handle_error_for_select_from_not_created_table_test.v',
 	'vlib/v/tests/sql_statement_inside_fn_call_test.v',
 	'vlib/clipboard/clipboard_test.v',
diff --git a/vlib/v/gen/c/orm.v b/vlib/v/gen/c/orm.v
index 270671e7b86336..d399d455401aaa 100644
--- a/vlib/v/gen/c/orm.v
+++ b/vlib/v/gen/c/orm.v
@@ -809,6 +809,7 @@ fn (mut g Gen) write_orm_select(node ast.SqlExpr, connection_var_name string, re
 
 	select_result_var_name := g.new_tmp_var()
 	table_name := g.get_table_name_by_struct_type(node.table_expr.typ)
+	escaped_table_name := cescape_nonascii(util.smart_quote(table_name, false))
 	g.sql_table_name = g.table.sym(node.table_expr.typ).name
 
 	g.writeln('// sql { select from `${table_name}` }')
@@ -817,7 +818,7 @@ fn (mut g Gen) write_orm_select(node ast.SqlExpr, connection_var_name string, re
 	g.writeln('${connection_var_name}._object, // Connection object')
 	g.writeln('(orm__SelectConfig){')
 	g.indent++
-	g.writeln('.table = _SLIT("${table_name}"),')
+	g.writeln('.table = _SLIT("${escaped_table_name}"),')
 	g.writeln('.is_count = ${node.is_count},')
 	g.writeln('.has_where = ${node.has_where},')
 	g.writeln('.has_order = ${node.has_order},')
diff --git a/vlib/v/tests/orm_table_name_test.v b/vlib/v/tests/orm_table_name_test.v
new file mode 100644
index 00000000000000..faecad405781b1
--- /dev/null
+++ b/vlib/v/tests/orm_table_name_test.v
@@ -0,0 +1,17 @@
+import db.sqlite
+
+@[table: '"specific name"']
+struct ORMTableSpecificName {
+	dummy int
+}
+
+fn test_orm_table_name() {
+	db := sqlite.connect(':memory:') or { panic(err) }
+	r := sql db {
+		select from ORMTableSpecificName
+	} or {
+		assert true
+		return
+	}
+	assert false
+}