From 14f04a6a526ce654c86e7e62bcf4cb09cfca6eb2 Mon Sep 17 00:00:00 2001
From: Morton Jonuschat <m.jonuschat@mojocode.de>
Date: Thu, 28 May 2015 19:50:47 +0200
Subject: [PATCH] [BUGFIX] dbal: Cast field to CHAR for FIND_IN_SET()
Implement explicit casting of fields to a character representation.
Most DBMS are stricter in regard to data type checking and emit an
error when trying to use FIND_IN_SET() on non-text field types.
On the DBAL side of things the DBMS specifics are used to define that
an explicit cast is required for FIND_IN_SET() so that a query including
the CAST() statement gets generated.
A PostgreSQL Specific has been added to enable the explicit casting in
conjuction with DBAL. To avoid checking repeatedly if a DBMS has defined
specific requirements a NullSpecific has been implemented that gets used
as a default.
In the DatabaseTreeDataProvider the listFieldQuery() function has been
changed to use an explicit CAST() instead of relying on the implicit
cast done by MySQL when comparing it to an empty string.
The SqlParser has been extended with the support for CAST().
Resolves: #67155
Resolves: #67172
Resolves: #46271
Releases: master, 6.2
Change-Id: Ic77d1700e0fb4e3723c90b34e131dafb456038e0
Reviewed-on: http://review.typo3.org/39779
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
---
.../core/Classes/Database/SqlParser.php | 40 ++++++++++++++++---
.../DatabaseTreeDataProvider.php | 2 +-
.../Tests/Unit/Database/SqlParserTest.php | 15 +++++++
.../Classes/Database/DatabaseConnection.php | 12 +++++-
.../Database/Specifics/AbstractSpecifics.php | 1 +
.../Database/Specifics/PostgresSpecifics.php | 9 +++++
.../DatabaseConnectionPostgresqlTest.php | 2 +-
.../Tests/Unit/Database/SqlParserTest.php | 25 ++++++++++++
8 files changed, 97 insertions(+), 9 deletions(-)
diff --git a/typo3/sysext/core/Classes/Database/SqlParser.php b/typo3/sysext/core/Classes/Database/SqlParser.php
index a64df9ac4b24..7e391ae5dc7b 100644
--- a/typo3/sysext/core/Classes/Database/SqlParser.php
+++ b/typo3/sysext/core/Classes/Database/SqlParser.php
@@ -237,7 +237,7 @@ class SqlParser {
// Get field/value pairs:
while ($comma) {
if ($fieldName = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]*=')) {
- // Strip of "=" sign.
+ // Strip off "=" sign.
$this->nextPart($parseString, '^(=)');
$value = $this->getValue($parseString);
$result['FIELDS'][$fieldName] = $value;
@@ -739,7 +739,7 @@ class SqlParser {
// Looking for a known function (only known functions supported)
$func = $this->nextPart($parseString, '^(count|max|min|floor|sum|avg)[[:space:]]*\\(');
if ($func) {
- // Strip of "("
+ // Strip off "("
$parseString = trim(substr($parseString, 1));
$stack[$pnt]['type'] = 'function';
$stack[$pnt]['function'] = $func;
@@ -1037,7 +1037,7 @@ class SqlParser {
// See if condition is EXISTS with a subquery
if (preg_match('/^EXISTS[[:space:]]*[(]/i', $parseString)) {
$stack[$level][$pnt[$level]]['func']['type'] = $this->nextPart($parseString, '^(EXISTS)[[:space:]]*');
- // Strip of "("
+ // Strip off "("
$parseString = trim(substr($parseString, 1));
$stack[$level][$pnt[$level]]['func']['subquery'] = $this->parseSELECT($parseString, $parameterReferences);
// Seek to new position in parseString after parsing of the subquery
@@ -1050,7 +1050,7 @@ class SqlParser {
// See if LOCATE function is found
if (preg_match('/^LOCATE[[:space:]]*[(]/i', $parseString)) {
$stack[$level][$pnt[$level]]['func']['type'] = $this->nextPart($parseString, '^(LOCATE)[[:space:]]*');
- // Strip of "("
+ // Strip off "("
$parseString = trim(substr($parseString, 1));
$stack[$level][$pnt[$level]]['func']['substr'] = $this->getValue($parseString);
if (!$this->nextPart($parseString, '^(,)')) {
@@ -1078,7 +1078,7 @@ class SqlParser {
} elseif (preg_match('/^IFNULL[[:space:]]*[(]/i', $parseString)) {
$stack[$level][$pnt[$level]]['func']['type'] = $this->nextPart($parseString, '^(IFNULL)[[:space:]]*');
$parseString = trim(substr($parseString, 1));
- // Strip of "("
+ // Strip off "("
if ($fieldName = $this->nextPart($parseString, '^([[:alnum:]\\*._]+)[[:space:]]*')) {
// Parse field name into field and table:
$tableField = explode('.', $fieldName, 2);
@@ -1098,9 +1098,32 @@ class SqlParser {
if (!$this->nextPart($parseString, '^([)])')) {
return $this->parseError('No ) parenthesis at end of function', $parseString);
}
+ } elseif (preg_match('/^CAST[[:space:]]*[(]/i', $parseString)) {
+ $stack[$level][$pnt[$level]]['func']['type'] = $this->nextPart($parseString, '^(CAST)[[:space:]]*');
+ $parseString = trim(substr($parseString, 1));
+ // Strip off "("
+ if ($fieldName = $this->nextPart($parseString, '^([[:alnum:]\\*._]+)[[:space:]]*')) {
+ // Parse field name into field and table:
+ $tableField = explode('.', $fieldName, 2);
+ if (count($tableField) === 2) {
+ $stack[$level][$pnt[$level]]['func']['table'] = $tableField[0];
+ $stack[$level][$pnt[$level]]['func']['field'] = $tableField[1];
+ } else {
+ $stack[$level][$pnt[$level]]['func']['table'] = '';
+ $stack[$level][$pnt[$level]]['func']['field'] = $tableField[0];
+ }
+ } else {
+ return $this->parseError('No field name found as expected in parseWhereClause()', $parseString);
+ }
+ if ($this->nextPart($parseString, '^([[:space:]]*AS[[:space:]]*)')) {
+ $stack[$level][$pnt[$level]]['func']['datatype'] = $this->getValue($parseString);
+ }
+ if (!$this->nextPart($parseString, '^([)])')) {
+ return $this->parseError('No ) parenthesis at end of function', $parseString);
+ }
} elseif (preg_match('/^FIND_IN_SET[[:space:]]*[(]/i', $parseString)) {
$stack[$level][$pnt[$level]]['func']['type'] = $this->nextPart($parseString, '^(FIND_IN_SET)[[:space:]]*');
- // Strip of "("
+ // Strip off "("
$parseString = trim(substr($parseString, 1));
if ($str = $this->getValue($parseString)) {
$stack[$level][$pnt[$level]]['func']['str'] = $str;
@@ -1917,6 +1940,11 @@ class SqlParser {
$output .= ($v['func']['table'] ? $v['func']['table'] . '.' : '') . $v['func']['field'];
$output .= ', ' . $v['func']['default'][1] . $this->compileAddslashes($v['func']['default'][0]) . $v['func']['default'][1];
$output .= ')';
+ } elseif (isset($v['func']) && $v['func']['type'] === 'CAST') {
+ $output .= ' ' . trim($v['modifier']) . ' CAST(';
+ $output .= ($v['func']['table'] ? $v['func']['table'] . '.' : '') . $v['func']['field'];
+ $output .= ' AS ' . $v['func']['datatype'][0];
+ $output .= ')';
} elseif (isset($v['func']) && $v['func']['type'] === 'FIND_IN_SET') {
$output .= ' ' . trim($v['modifier']) . ' FIND_IN_SET(';
$output .= $v['func']['str'][1] . $v['func']['str'][0] . $v['func']['str'][1];
diff --git a/typo3/sysext/core/Classes/Tree/TableConfiguration/DatabaseTreeDataProvider.php b/typo3/sysext/core/Classes/Tree/TableConfiguration/DatabaseTreeDataProvider.php
index de929b490833..3241c62e991e 100644
--- a/typo3/sysext/core/Classes/Tree/TableConfiguration/DatabaseTreeDataProvider.php
+++ b/typo3/sysext/core/Classes/Tree/TableConfiguration/DatabaseTreeDataProvider.php
@@ -428,7 +428,7 @@ class DatabaseTreeDataProvider extends AbstractTableConfigurationTreeDataProvide
* @return int[] all uids found
*/
protected function listFieldQuery($fieldName, $queryId) {
- $records = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid', $this->getTableName(), $GLOBALS['TYPO3_DB']->listQuery($fieldName, (int)$queryId, $this->getTableName()) . ((int)$queryId == 0 ? ' OR ' . $fieldName . ' = \'\'' : ''));
+ $records = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid', $this->getTableName(), $GLOBALS['TYPO3_DB']->listQuery($fieldName, (int)$queryId, $this->getTableName()) . ((int)$queryId === 0 ? ' OR CAST(' . $fieldName . ' AS CHAR) = \'\'' : ''));
$uidArray = array();
foreach ($records as $record) {
$uidArray[] = $record['uid'];
diff --git a/typo3/sysext/core/Tests/Unit/Database/SqlParserTest.php b/typo3/sysext/core/Tests/Unit/Database/SqlParserTest.php
index 990afc99f32c..115287d91549 100644
--- a/typo3/sysext/core/Tests/Unit/Database/SqlParserTest.php
+++ b/typo3/sysext/core/Tests/Unit/Database/SqlParserTest.php
@@ -98,6 +98,21 @@ class SqlParserTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
'field' => 'fe_group'
),
'comparator' => ''
+ ),
+ 5 => array(
+ 'operator' => 'OR',
+ 'modifier' => '',
+ 'func' => array(
+ 'type' => 'CAST',
+ 'table' => 'pages',
+ 'field' => 'fe_group',
+ 'datatype' => 'CHAR'
+ ),
+ 'comparator' => '=',
+ 'value' => array(
+ 0 => '',
+ 1 => '\''
+ )
)
);
$output = $this->subject->compileWhereClause($clauses);
diff --git a/typo3/sysext/dbal/Classes/Database/DatabaseConnection.php b/typo3/sysext/dbal/Classes/Database/DatabaseConnection.php
index a51661c8fda6..8d53f120456a 100644
--- a/typo3/sysext/dbal/Classes/Database/DatabaseConnection.php
+++ b/typo3/sysext/dbal/Classes/Database/DatabaseConnection.php
@@ -1753,7 +1753,17 @@ class DatabaseConnection extends \TYPO3\CMS\Core\Database\DatabaseConnection {
// but it's not overridden from \TYPO3\CMS\Core\Database\DatabaseConnection at the moment...
$patternForLike = $this->escapeStrForLike($pattern, $where_clause[$k]['func']['table']);
$where_clause[$k]['func']['str_like'] = $patternForLike;
- // Intentional fallthrough
+ if ($where_clause[$k]['func']['table'] !== '') {
+ $where_clause[$k]['func']['table'] = $this->quoteName($v['func']['table']);
+ }
+ if ($where_clause[$k]['func']['field'] !== '') {
+ if ($this->dbmsSpecifics->getSpecific(Specifics\AbstractSpecifics::CAST_FIND_IN_SET)) {
+ $where_clause[$k]['func']['field'] = 'CAST(' . $this->quoteName($v['func']['field']) . ' AS CHAR)';
+ } else {
+ $where_clause[$k]['func']['field'] = $this->quoteName($v['func']['field']);
+ }
+ }
+ break;
case 'IFNULL':
// Intentional fallthrough
case 'LOCATE':
diff --git a/typo3/sysext/dbal/Classes/Database/Specifics/AbstractSpecifics.php b/typo3/sysext/dbal/Classes/Database/Specifics/AbstractSpecifics.php
index 722aaeb45111..b2e2f947d6af 100644
--- a/typo3/sysext/dbal/Classes/Database/Specifics/AbstractSpecifics.php
+++ b/typo3/sysext/dbal/Classes/Database/Specifics/AbstractSpecifics.php
@@ -26,6 +26,7 @@ abstract class AbstractSpecifics {
const FIELD_MAXLENGTH = 'field_maxlength';
const LIST_MAXEXPRESSIONS = 'list_maxexpressions';
const PARTIAL_STRING_INDEX = 'partial_string_index';
+ const CAST_FIND_IN_SET = 'cast_find_in_set';
/**
* Contains the specifics of a DBMS.
diff --git a/typo3/sysext/dbal/Classes/Database/Specifics/PostgresSpecifics.php b/typo3/sysext/dbal/Classes/Database/Specifics/PostgresSpecifics.php
index 6f9138f28b24..145c7ef2bb94 100644
--- a/typo3/sysext/dbal/Classes/Database/Specifics/PostgresSpecifics.php
+++ b/typo3/sysext/dbal/Classes/Database/Specifics/PostgresSpecifics.php
@@ -21,6 +21,15 @@ use TYPO3\CMS\Core\Utility\GeneralUtility;
* Any logic is in AbstractSpecifics.
*/
class PostgresSpecifics extends AbstractSpecifics {
+ /**
+ * Contains the specifics that need to be taken care of for PostgreSQL DBMS.
+ *
+ * @var array
+ */
+ protected $specificProperties = array(
+ self::CAST_FIND_IN_SET => TRUE
+ );
+
/**
* Contains the DBMS specific mapping overrides for native MySQL to ADOdb meta field types
*/
diff --git a/typo3/sysext/dbal/Tests/Unit/Database/DatabaseConnectionPostgresqlTest.php b/typo3/sysext/dbal/Tests/Unit/Database/DatabaseConnectionPostgresqlTest.php
index 046eaf634ad6..638f1f306f81 100644
--- a/typo3/sysext/dbal/Tests/Unit/Database/DatabaseConnectionPostgresqlTest.php
+++ b/typo3/sysext/dbal/Tests/Unit/Database/DatabaseConnectionPostgresqlTest.php
@@ -90,7 +90,7 @@ class DatabaseConnectionPostgresqlTest extends AbstractTestCase {
*/
public function findInSetIsProperlyRemapped() {
$result = $this->subject->SELECTquery('*', 'fe_users', 'FIND_IN_SET(10, usergroup)');
- $expected = 'SELECT * FROM "fe_users" WHERE FIND_IN_SET(10, "usergroup") != 0';
+ $expected = 'SELECT * FROM "fe_users" WHERE FIND_IN_SET(10, CAST("usergroup" AS CHAR)) != 0';
$this->assertEquals($expected, $this->cleanSql($result));
}
diff --git a/typo3/sysext/dbal/Tests/Unit/Database/SqlParserTest.php b/typo3/sysext/dbal/Tests/Unit/Database/SqlParserTest.php
index 9e1a948bf151..f5b0cd7c3414 100644
--- a/typo3/sysext/dbal/Tests/Unit/Database/SqlParserTest.php
+++ b/typo3/sysext/dbal/Tests/Unit/Database/SqlParserTest.php
@@ -269,6 +269,31 @@ class SqlParserTest extends AbstractTestCase {
$this->assertEquals($expected, $this->cleanSql($result));
}
+ /**
+ * @test
+ * @see http://forge.typo3.org/issues/67155
+ */
+ public function canParseCastOperator() {
+ $parseString = 'CAST(parent AS CHAR) != \'\'';
+ $result = $this->subject->parseWhereClause($parseString);
+ $this->assertInternalType('array', $result);
+ $this->assertEmpty($parseString);
+ }
+
+ /**
+ * @test
+ * @see http://forge.typo3.org/issues/67155
+ */
+ public function canCompileCastOperator() {
+ $parseString = 'SELECT * FROM sys_category WHERE CAST(parent AS CHAR) != \'\'';
+ $components = $this->subject->_callRef('parseSELECT', $parseString);
+ $this->assertInternalType('array', $components);
+
+ $result = $this->subject->_callRef('compileSELECT', $components);
+ $expected = 'SELECT * FROM sys_category WHERE CAST(parent AS CHAR) != \'\'';
+ $this->assertEquals($expected, $this->cleanSql($result));
+ }
+
/**
* @test
* @see http://forge.typo3.org/issues/22695
--
GitLab